Serndpt

System appears to be operating fine. I'm just a bit paranoid when I see those windows pup up of late and became concerned I'd somehow gotten a virus or something. Is it ok to uninstall the programs we used? Thanks so much for your time and patience. I'm thankful there are people like you in the world willing to help people like me

ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3b64101b0851b94e9051c92afd4d4a53 # end=init # utc_time=2015-10-26 07:08:09 # local_time=2015-10-26 02:08:09 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 Update Init Update Download Update Finalize Updated modules version: 26420 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # EOSSerial=3b64101b0851b94e9051c92afd4d4a53 # end=updated # utc_time=2015-10-26 07:10:09 # local_time=2015-10-26 02:10:09 (-0600, Central Daylight Time) # country="United States" # osver=6.1.7601 NT Service Pack 1 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7777 # api_version=3.1.1 # EOSSerial=3b64101b0851b94e9051c92afd4d4a53 # engine=26420 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-10-26 11:29:52 # local_time=2015-10-26 06:29:52 (-0600, Central Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Microsoft Security Essentials' # compatibility_mode=5895 16777213 100 100 11682565 68774586 0 0 # scanned=1333223 # found=60 # cleaned=0 # scan_time=15582 sh=28B29A0AA2F451EC3837933CE5B1BD353CF0DF3E ft=1 fh=d9a532cac918a019 vn="MSIL/Adware.StrongVault.A application" ac=I fn="C:\AI_RecycleBin\{B89CD067-823C-47B7-BE9A-653EEDF44297}\3\Strongvault\StrongVaultApp.exe" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll" sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnstub.exe" sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe" sh=78D39055963B638142A26F6A1CA0858557F1553D ft=1 fh=22097666a78966a3 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe" sh=E51D31466DA5738E4D029C788B93EF7D428648A3 ft=1 fh=5cf3f026d273c9eb vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup403.exe" sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup404.exe" sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup406.exe" sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup410.exe" sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup416.exe" sh=DFDA3BEB6A8E9899118BBDE16E4DE6878E323A90 ft=1 fh=dc19b4d7d4992970 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup419.exe" sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup500(1).exe" sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup500.exe" sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup501(1).exe" sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup501.exe" sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup502(1).exe" sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup502.exe" sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup503.exe" sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup504.exe" sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup505(1).exe" sh=3032CB5B0066ACB77259EC89E9ECAFDB21C06BE6 ft=1 fh=4cc4f419610b1b22 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup505.exe" sh=012CB3E628C9FAC1159A4BA01F79C6C905757FF9 ft=1 fh=2ab5bfb1b985039b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup506.exe" sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup507(1).exe" sh=BCA0BBDC1ECA7D7049B11DFDF06A731B0DEB0330 ft=1 fh=5d043d2b7dcbb6c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup507.exe" sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup508(1).exe" sh=AA7AFFCBDAF13C3872F32EACCF3BEFB92FD0FA80 ft=1 fh=02ff89afc7fa57e5 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup508.exe" sh=2CF9F87AA2EA689D9B9F5CCED4C51B2595C19027 ft=1 fh=4b16eff5bfe216f3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup510(1).exe" sh=2CF9F87AA2EA689D9B9F5CCED4C51B2595C19027 ft=1 fh=4b16eff5bfe216f3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Kai\Downloads\ccsetup510.exe" sh=5C15DD22371ADF076E0A4C92CE8505B78735F5E5 ft=1 fh=3dcff3cf0eec3a86 vn="a variant of Win32/UniBlue.F potentially unwanted application" ac=I fn="C:\Users\Kai\Downloads\driverscanner.exe" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\!Kai\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DSX9429Z\ApnIC[1].0" sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\!Kai\AppData\Local\Temp\AskSLib.dll" sh=023D56C5A1D2E233CF02C667450D48293071AD8C ft=0 fh=0000000000000000 vn="JS/Redirector.NCL trojan" ac=I fn="J:\!Kai\AppData\Roaming\Mozilla\Firefox\Profiles\651ic4rf.default\extensions\{b781ca5c-f9fa-4709-bfb8-6c9427f57f36}.xpi" sh=57374E3996B9C569588FA3C8775BFD59D90C4C8F ft=1 fh=d244986abfd3fdf4 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\!Kai\Desktop\Downloads\frostwire-4.18.5.windows.exe" sh=E540CB01664014FCFD3454C69B5420926E82DB03 ft=1 fh=56d5d86fa88a76f2 vn="Win32/RegistryBooster potentially unwanted application" ac=I fn="J:\!Kai\Desktop\Downloads\registrybooster.exe" sh=36603EEDEA03EBD207D487261C8D1A0F9A8EA0E7 ft=1 fh=b1182b5f3d104d47 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Desktop\Downloads\videora-ipodclassic-405-setup.exe" sh=57374E3996B9C569588FA3C8775BFD59D90C4C8F ft=1 fh=d244986abfd3fdf4 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\!Kai\Desktop Folders from C\Downloads\frostwire-4.18.5.windows.exe" sh=E540CB01664014FCFD3454C69B5420926E82DB03 ft=1 fh=56d5d86fa88a76f2 vn="Win32/RegistryBooster potentially unwanted application" ac=I fn="J:\!Kai\Desktop Folders from C\Downloads\registrybooster.exe" sh=36603EEDEA03EBD207D487261C8D1A0F9A8EA0E7 ft=1 fh=b1182b5f3d104d47 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Desktop Folders from C\Downloads\videora-ipodclassic-405-setup.exe" sh=1767EC6D9A3622D113B935987FCBAE559BE644FC ft=1 fh=30448f7e1b3967ef vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="J:\!Kai\Downloads\avira_free_antivirus_en (1).exe" sh=321D55C88A529D02A44F97BF6498451F7D4C70CE ft=1 fh=97ec66a52017a80c vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="J:\!Kai\Downloads\avira_free_antivirus_en(1).exe" sh=1767EC6D9A3622D113B935987FCBAE559BE644FC ft=1 fh=30448f7e1b3967ef vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="J:\!Kai\Downloads\avira_free_antivirus_en.exe" sh=3F3CA18A0E5DF18184D20F127C364AC5718B8759 ft=1 fh=69dd749ca0e21f7e vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="J:\!Kai\Downloads\ccsetup326pro.exe" sh=642EAE83A0B04822A1A194F3AA8FFD79AE65C1C2 ft=1 fh=61b6c1e0c1208a47 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="J:\!Kai\Downloads\cpu-z_1.57-setup-en.exe" sh=B68F52C80C2FB3D7AA70FF811E349FE1C26D6F11 ft=1 fh=7d620a497d08cf16 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="J:\!Kai\Downloads\Media Player Installer.exe" sh=7074656A5B0F95878CEE5C66064D212D1B0E9ABF ft=1 fh=0dec4c294183a8b7 vn="Win32/FreeInstaller potentially unwanted application" ac=I fn="J:\!Kai\Downloads\OpenOfficeInstaller.exe" sh=5BCBA1C25D5BEB2AD67A91FD407CF2D36710901A ft=1 fh=00640f97360e4fc8 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Downloads\PhotoScape_V3-6-3.exe" sh=5BCBA1C25D5BEB2AD67A91FD407CF2D36710901A ft=1 fh=00640f97360e4fc8 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Downloads\PhotoScape_V3.6.3.exe" sh=C4425890E6D2CB946269A2559DC7AD0E03580EF7 ft=1 fh=e5c2928fd3d3f9a2 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="J:\!Kai\Downloads\Shockwave_Installer_Slim.exe" sh=C778CE6D84EBC30765D03E59354D5A28B7F90CEC ft=1 fh=b86457c69e0ddb72 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Downloads\winamp5581_full_emusic-7plus_en-us.exe" sh=28D708F1ACA2EC3EEF0A994D02D92C061C2E12D8 ft=1 fh=ade3728bbb74c600 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Downloads\winamp5601_full_emusic-7plus_en-us.exe" sh=C50327BB9A73FD5EEE419F280A1CAB3710A87EEE ft=1 fh=979cba7a17c4654d vn="Win32/OpenCandy potentially unsafe application" ac=I fn="J:\!Kai\Downloads\winamp5623_full_emusic-7plus_all.exe" sh=1767EC6D9A3622D113B935987FCBAE559BE644FC ft=1 fh=30448f7e1b3967ef vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="J:\Downloads\avira_free_antivirus_en (1).exe" sh=321D55C88A529D02A44F97BF6498451F7D4C70CE ft=1 fh=97ec66a52017a80c vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="J:\Downloads\avira_free_antivirus_en(1).exe" sh=1767EC6D9A3622D113B935987FCBAE559BE644FC ft=1 fh=30448f7e1b3967ef vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="J:\Downloads\avira_free_antivirus_en.exe"

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-10-2015 02 Ran by Kai (2015-10-25 19:35:23) Running from C:\Users\Kai\Contacts\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2013-05-16 15:27:44) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-2855246755-1798518092-654647340-500 - Administrator - Disabled) Guest (S-1-5-21-2855246755-1798518092-654647340-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2855246755-1798518092-654647340-1003 - Limited - Enabled) Kai (S-1-5-21-2855246755-1798518092-654647340-1002 - Administrator - Enabled) => C:\Users\Kai ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.) Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.1.1 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.2.0.129 - Adobe Systems Incorporated) Adobe Extension Manager CC (HKLM-x32\...\{244FD30F-63F1-49B9-9D98-1150FF4FFCB1}) (Version: 7.3.2 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.1.1 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0.1 - Adobe Systems Incorporated) Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated) Alchemy Beta x64 (HKLM\...\AlchemyBeta) (Version: 3.8.1.35916 - Alchemy Viewer Project) Alchemy Viewer x64 (HKLM\...\AlchemyViewer) (Version: 3.8.2.36473 - Alchemy Viewer Project) Amazon Kindle (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Amazon Kindle) (Version: - Amazon) Amazon Kindle (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Kindle) (Version: - Amazon) Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Amazon MP3 Downloader 1.0.18 (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) Amazon Music (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC) AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version: - ) Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.170 - Atheros) Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team) Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.13.210 - Avira Operations GmbH & Co. KG) Blender (HKLM\...\Blender) (Version: 2.73 - Blender Foundation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Corel Painter 13 - IPM (Version: 13.0 - Corel Corporation) Hidden Corel Painter 13 - IPM Content (Version: 13.0 - Corel Corporation) Hidden Corel Painter X3 (HKLM\...\_{EF449371-6B69-49C8-B789-76A0B0E3446B}) (Version: 13.0.0.704 - Corel Corporation) CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) Crazybump (remove only) (HKLM-x32\...\Crazybump) (Version: - ) CtrlAltStudio-Viewer-Alpha (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Alpha) (Version: 1.2.4.43384 - CtrlAltStudio) CtrlAltStudio-Viewer-Release (remove only) (HKLM-x32\...\CtrlAltStudio-Viewer-Release) (Version: 1.2.1.41169 - CtrlAltStudio) CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.5425 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.67 - Dell Inc.) Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.67 - Dell Inc.) Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP) Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell) Dell System Detect (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell) Dell System Detect (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\73f463568823ebbe) (Version: 6.6.0.2 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Dell Inc.) Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited) Dropbox (HKLM-x32\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden Easy Media Player 1.1.12 (HKLM-x32\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION) Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation) Epson Event Manager (HKLM-x32\...\{17FA0444-A025-43B9-862C-81AE6307C2F2}) (Version: 3.10.0050 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.51.00 - SEIKO EPSON CORPORATION) EPSON NX510 Series Printer Uninstall (HKLM\...\EPSON NX510 Series) (Version: - SEIKO EPSON Corporation) Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - ) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.) EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.) EPSON WF-2630 Series Printer Uninstall (HKLM\...\EPSON WF-2630 Series) (Version: - SEIKO EPSON Corporation) Epson WF-2630 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2630 User’s Guide_is1) (Version: 1.0 - ) EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION) EpsonNet Setup (HKLM-x32\...\{FFFAE01B-466F-4C07-9821-A94FD753BDDA}) (Version: 3.1c - SEIKO EPSON CORPORATION) Filter Forge 3.015 (HKLM-x32\...\Filter Forge 3_is1) (Version: - Filter Forge, Inc.) Filter Forge 4.014 (HKLM-x32\...\Filter Forge 4_is1) (Version: - Filter Forge, Inc.) Filter Forge Freepack 1 - Metals 2.013 (HKLM-x32\...\Filter Forge Freepack 1 - Metals_is1) (Version: - Filter Forge, Inc.) Filter Forge Freepack 2 - Photo Effects 2.013 (HKLM-x32\...\Filter Forge Freepack 2 - Photo Effects_is1) (Version: - Filter Forge, Inc.) Filter Forge Freepack 3 - Frames 2.013 (HKLM-x32\...\Filter Forge Freepack 3 - Frames_is1) (Version: - Filter Forge, Inc.) Filter Forge Freepack 4 - Distortions 2.013 (HKLM-x32\...\Filter Forge Freepack 4 - Distortions_is1) (Version: - Filter Forge, Inc.) Filter Forge Freepack 5 - Hearts 2.013 (HKLM-x32\...\Filter Forge Freepack 5 - Hearts_is1) (Version: - Filter Forge, Inc.) Filter Forge Freepack 6 - Patterns 2.013 (HKLM-x32\...\Filter Forge Freepack 6 - Patterns_is1) (Version: - Filter Forge, Inc.) Firebird 2.5.0.26074 (Win32) (HKLM-x32\...\FBDBServer_2_5_is1) (Version: 2.5.0.26074 - Firebird Project) Firestorm SecondLife and OpenSim viewer (Version: 4.7.47323 - Phoenix Viewer Project) Hidden Firestorm-Releasex64 x64 (HKLM-x32\...\{87a36c50-4766-41e3-b23b-2354a2ff60bf}) (Version: 4.7.47323 - Phoenix Firestorm Project Inc) Flame Painter 2.5.0 Personal (64bit) (HKLM\...\Flame Painter 2.5.0 Personal (64bit)_is1) (Version: 2.5.0 - Escape Motions, s.r.o) GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.) Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden Gyazo 3.1.6 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) IconHandler 64 bit (Version: 2.0 - Corel Corporation) Hidden Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation) Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation) iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.) Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation) Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden KokuaViewer (remove only) (HKLM-x32\...\KokuaViewer) (Version: - ) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla) MSI to redistribute MS VS2005 CRT libraries (HKLM-x32\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project) Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Multimedia Card Reader (x32 Version: 1.7.915.93 - Fitipower) Hidden NexusFont 2.5 (ver 2.5.8.1582) (HKLM-x32\...\{EFEDD205-43FE-4208-B682-0937E803E19E}_is1) (Version: - xiles) NVIDIA 3D Vision Controller Driver 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation) NVIDIA 3D Vision Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 350.12 - NVIDIA Corporation) NVIDIA GeForce Experience 2.4.5.57 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.57 - NVIDIA Corporation) NVIDIA Graphics Driver 350.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 350.12 - NVIDIA Corporation) NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - ) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OnLive (HKLM-x32\...\OnLive) (Version: - OnLive) onOne Panel for Photoshop CS6 (HKLM-x32\...\{B6556F56-796F-42F1-A761-AA02584F1E06}) (Version: - ) OpenGL Extensions Viewer 4.1 (HKLM-x32\...\GLVIEW3) (Version: 412 - ) OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation) OpenRL Runtime 1.3.1000.14 x64 (HKLM\...\{250C8D22-1757-11E3-818E-1803734DBB4F}) (Version: 1.3.1000.14 - Caustic Graphics, Inc.) Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC) Painter 13 - Contentx64 (Version: 13.0 - Corel Corporation) Hidden Painter 13 - Core (Version: 13.0 - Corel Corporation) Hidden Painter 13 - Corex64 (Version: 13.0 - Corel Corporation) Hidden Painter 13 - EN (Version: 13.0 - Corel Corporation) Hidden Painter 13 - Setup Files (Version: 13.0 - Corel Corporation) Hidden ParticleShop - Core (Version: 1.1 - Corel Corporation) Hidden ParticleShop - IPM (Version: 1.1 - Corel Corporation) Hidden ParticleShop - IPM Content (Version: 1.1 - Corel Corporation) Hidden ParticleShop (HKLM\...\_{6F224046-E164-4B78-9867-3AE494271D29}) (Version: 1.1.0.549 - Corel Corporation) ParticleShop (Version: 1.1 - Corel Corporation) Hidden Perfect Effects 8 (HKLM-x32\...\{C982ACFF-5997-4B7D-B3E1-CF7273A06FB2}) (Version: 8.1.0 - onOne Software) Portrait Professional 11.3 Trial (HKLM-x32\...\PortraitProfessional11Trial_is1) (Version: 11.3 - Anthropics Technology Ltd.) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.) Radegast 2.16 (HKLM-x32\...\Radegast) (Version: 2.16 - Radegast Development Team) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6537 - Realtek Semiconductor Corp.) SAM Broadcaster (remove only) (HKLM-x32\...\SAM3) (Version: - ) SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 2.4.5.57 - NVIDIA Corporation) Hidden Singularity (64 bit) (remove only) (HKLM-x32\...\Singularity (64 bit)) (Version: - ) Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.) Smart Photo Editor (HKLM\...\SmartPhotoEditor1_is1) (Version: 1.20 - Anthropics Technology Ltd.) Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION) <==== ATTENTION Sound Blaster Recon3D PCIe (HKLM-x32\...\{CA0A90CB-F659-4E0B-B2A2-C8CF4B752AEC}) (Version: 1.01.26 - Creative Technology Limited) Sound Blaster Recon3D PCIe Extras (HKLM-x32\...\{EC1D58F3-BD94-4CF2-87C2-832985F73E39}) (Version: 1.0 - Creative Technology Limited) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Spotify (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB) Spotify (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB) Stellarium 0.13.1 (HKLM\...\Stellarium_is1) (Version: 0.13.1 - Stellarium team) Topaz Adjust 5 (HKLM-x32\...\Topaz Adjust 5) (Version: 5.1.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.1.1 - Topaz Labs) Topaz Fusion Express 2 (HKLM-x32\...\Topaz Fusion Express 2) (Version: 2.1.1 - Topaz Labs) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6w3 - Wacom Technology Corp.) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.) Winamp (HKLM-x32\...\Winamp) (Version: 5.65 - Nullsoft, Inc) Winamp Detector Plug-in (HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Winamp Detector Plug-in (HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Wunderlist (HKLM-x32\...\{05005782-A2CD-4EF9-B838-C3B00FED2412}) (Version: 3.2.1.1 - 6 Wunderkinder GmbH) x264vfw - H.264/MPEG-4 AVC codec for x64 (remove only) (HKLM-x32\...\x264vfw64) (Version: - ) Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-2855246755-1798518092-654647340-1002_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-2855246755-1798518092-654647340-1002_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll () CustomCLSID: HKU\S-1-5-21-2855246755-1798518092-654647340-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ==================== Restore Points ========================= 23-10-2015 16:47:22 Installed EPSON Scan OCR Component 23-10-2015 16:48:26 Installed EPSON Scan PDF Extensions 23-10-2015 17:12:21 Installed FAX Utility 23-10-2015 17:14:32 Installed EPSON Scan OCR Component 23-10-2015 17:15:54 Installed EPSON Scan PDF Extensions 23-10-2015 17:45:01 Installed Software Updater 23-10-2015 17:56:09 Installed Epson Event Manager ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {087CE8FE-19D2-40CF-9B70-DCF8E46EA0F7} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.) Task: {0B65482B-F934-46DE-A518-6F71198A7C2E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.) Task: {270AB908-EF83-45F7-9C70-8A4E9B9C4764} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation) Task: {2B961315-8475-4ACE-9BEE-95E63E5BC08A} - System32\Tasks\EPSON WF-2630 Series Update {EF84BE60-9DB9-4823-BB8B-584BAEE577FA} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {336F0952-64D2-480D-AD22-08053BCBAE44} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {3D34C430-9E95-4D20-B9DD-7966C71CCF07} - System32\Tasks\EPSON WF-2630 Series Update {500ED1AA-3CE0-40E5-87FE-F6055980A63A} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE [2013-11-21] (SEIKO EPSON CORPORATION) Task: {5E56C298-B9B8-45A0-82F1-1CC68418ACE5} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] () Task: {61609710-9FBE-4E3D-88D2-0D015F1DD6F8} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2015-08-19] () Task: {79986268-4566-4CB4-BFD2-042D2EEA5131} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-09-14] (Adobe Systems Incorporated) Task: {81300A8E-2CC8-40E0-B838-C3BA402E438F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-09-16] (Piriform Ltd) Task: {894BEF31-A1CE-4F68-865A-384FF7476CB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {9314EA16-F47C-4A75-84E3-78E784D5274C} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-25] (PC-Doctor, Inc.) Task: {D5CC51E7-792B-46B3-8BE3-753E59485CBB} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-06-01] (Dropbox, Inc.) Task: {DF52CA2F-825E-442A-A7CF-95F6729BD4A5} - System32\Tasks\{DD749819-BE3A-47A3-858C-ED75FB98F3CF} => pcalua.exe -a C:\Users\Kai\Downloads\Get_There.exe -d C:\Users\Kai\Downloads Task: {E88A03B9-51C1-4170-9140-27E824C282C6} - System32\Tasks\AdobeAAMUpdater-1.0-Kai-PC-Kai => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated) Task: {F5BF9310-3F78-4C02-BD0E-16763BB4403E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-25] (PC-Doctor, Inc.) Task: {FA79D552-0175-4A82-809E-24F0CEEC8503} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\EPSON WF-2630 Series Update {500ED1AA-3CE0-40E5-87FE-F6055980A63A}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{500ED1AA-3CE0-40E5-87FE-F6055980A63A} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\EPSON WF-2630 Series Update {EF84BE60-9DB9-4823-BB8B-584BAEE577FA}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSMDE.EXE:/EXE:{EF84BE60-9DB9-4823-BB8B-584BAEE577FA} /F:UpdateSYSTEMĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2014-10-22 23:03 - 2015-04-08 16:30 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-14 17:00 - 2013-06-06 12:31 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll 2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2013-05-22 13:17 - 2013-05-22 13:17 - 00400704 _____ () C:\Users\Kai\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 2014-07-13 17:46 - 2015-07-21 00:02 - 05887808 _____ () C:\Users\Kai\AppData\Local\Amazon Music\Amazon Music Helper.exe 2013-05-10 02:28 - 2012-01-26 21:49 - 02751808 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE 2012-01-10 15:41 - 2015-03-29 20:24 - 00568392 _____ () C:\Program Files (x86)\puush\puush.exe 2015-07-22 01:02 - 2015-07-22 01:02 - 31535264 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2015-03-16 11:28 - 2015-03-16 11:28 - 00155528 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-05-10 02:21 - 2012-01-21 06:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll 2015-04-21 09:20 - 2015-06-24 06:37 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll 2015-05-15 16:27 - 2015-05-15 16:27 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2015-07-22 15:32 - 2015-07-22 15:32 - 36732592 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2015-10-25 18:51 - 2015-10-25 18:51 - 00071168 _____ () c:\users\kai\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpza0iyo.dll 2015-06-01 01:13 - 2015-09-23 18:07 - 00012800 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick.2\qtquick2plugin.dll 2015-06-01 01:13 - 2015-09-23 18:07 - 00779776 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-07-30 18:31 - 2015-09-23 18:07 - 00056320 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-01 01:13 - 2015-09-23 18:07 - 00012288 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Window.2\windowplugin.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns1 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns2 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns3 AlternateDataStreams: C:\ProgramData\Nalpeiron:user.ns4 ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-2855246755-1798518092-654647340-1002\...\dell.com -> dell.com IE trusted site: HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\dell.com -> dell.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2855246755-1798518092-654647340-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg HKU\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{DF773D2B-98AE-42D6-BD13-1B2B395B12F8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{7688A8C3-D735-4939-81D8-4E1BD244E13C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{DCFA442A-320A-4EA3-BEBD-407C27A4ED10}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE FirewallRules: [{421F8408-2BD6-43DF-B012-EECFF6931973}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{E9484F68-4CE0-49AB-938E-FB003C978D9C}] => (Allow) LPort=2869 FirewallRules: [{DF350843-82B9-409D-930F-BFE0AE17F111}] => (Allow) LPort=1900 FirewallRules: [TCP Query User{32BF67FE-409A-4078-8060-617DE1B8B9D5}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{F91743ED-96D8-4A4A-9507-E3A7506DE613}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe FirewallRules: [{EDB70108-815D-466E-B7C9-B874DB5CFAB0}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{00C357BC-AAA3-4760-AFAD-BBD0DF71F0D4}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{C8E3B306-29C2-4526-B6E9-6A4D168E0A2D}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe FirewallRules: [{A1EEDD90-9346-46D0-8028-112F786E64BC}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe FirewallRules: [{4CB22A91-E878-4D3D-847F-920032A1D685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9DE3D66B-E335-45FA-A156-8A959D49AC0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{6BCBF2CA-204C-4542-8E21-50AC8CD219FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{0A241B17-A5B9-409C-A2DD-4362D4CC09C4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{88616D6D-4EA4-4289-97F3-EAB9D75713E9}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe FirewallRules: [uDP Query User{A123A4A5-F803-4CCE-A4B1-6E6C27A8C08B}C:\users\kai\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\kai\appdata\roaming\spotify\spotify.exe FirewallRules: [TCP Query User{24D69C52-815E-4040-A17A-8B7B52A7F697}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [uDP Query User{F5332E06-7718-4208-B97C-E349F6FC8F44}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Allow) C:\program files (x86)\epson software\event manager\eeventmanager.exe FirewallRules: [{CCAEED73-092E-4787-A6DE-B7AEB6572F36}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [{6B4A12BD-F1AB-4C84-968E-E1F19DE079B7}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe FirewallRules: [TCP Query User{9B9F1B50-F208-4103-A643-27FB2D3494AE}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe FirewallRules: [uDP Query User{768524E5-D5E5-4FE1-B766-F0654B8B8FC9}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe FirewallRules: [TCP Query User{4EA83DD6-4BDA-4C11-B26F-C6505659D4C6}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [uDP Query User{C4BF64AC-D3CB-42BD-99D5-B1BE6A35BEF0}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe FirewallRules: [TCP Query User{0DC7BBB6-DF1E-4D33-8635-FD9A39E9C5F8}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe FirewallRules: [uDP Query User{A838B295-2B4D-41DB-ABDB-BAC2227762A0}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe FirewallRules: [TCP Query User{0439B8E7-09A0-43F9-88B2-7FF59CDFD083}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe FirewallRules: [uDP Query User{2727002C-06F6-4D42-B6AD-E98A6635BF05}C:\program files (x86)\black dragon\slvoice.exe] => (Allow) C:\program files (x86)\black dragon\slvoice.exe FirewallRules: [TCP Query User{404E8A62-C781-4F6D-A1D6-AC256331F5BE}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe FirewallRules: [uDP Query User{6FDF99FB-1441-419F-A680-EB44DE942726}C:\program files\singularity\slvoice.exe] => (Allow) C:\program files\singularity\slvoice.exe FirewallRules: [{5CFD3831-B07D-489B-AB08-38AF6C3DE01B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{1687535C-7F73-40DB-9490-C94EF0E5D42F}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [TCP Query User{7147C229-5379-4647-9436-FEBC2639138D}C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe] => (Allow) C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe FirewallRules: [uDP Query User{5CC6D9B3-724C-42AC-9D38-E99169AE4722}C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe] => (Allow) C:\program files (x86)\ctrlaltstudio-viewer-release\slvoice.exe FirewallRules: [TCP Query User{82E9EE6F-401F-4C6E-992D-16627193B21B}C:\program files\alchemybeta\slvoice.exe] => (Allow) C:\program files\alchemybeta\slvoice.exe FirewallRules: [uDP Query User{6648781C-EFF2-4B6C-975C-D8196D3870E0}C:\program files\alchemybeta\slvoice.exe] => (Allow) C:\program files\alchemybeta\slvoice.exe FirewallRules: [TCP Query User{F4040725-9704-4706-805D-FCA7A42B010B}C:\program files (x86)\kokuaviewer\slvoice.exe] => (Allow) C:\program files (x86)\kokuaviewer\slvoice.exe FirewallRules: [uDP Query User{4462FCE1-597B-4506-89A2-9499CC8892C3}C:\program files (x86)\kokuaviewer\slvoice.exe] => (Allow) C:\program files (x86)\kokuaviewer\slvoice.exe FirewallRules: [{172F4063-1CAF-4786-BE55-FC17694199B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{52787C91-2D19-48FB-92F1-FDC1B40D3A5F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{53FC6423-DD77-4820-A7FA-9CEE27B92B8C}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe FirewallRules: [{E52A3B5B-035F-42A2-802D-83924E864661}] => (Allow) C:\Program Files (x86)\Crazybump\CrazyBump.exe FirewallRules: [TCP Query User{AEAA6E71-BD36-4927-BB2F-190ECBA40AFD}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [uDP Query User{8C7BFF29-7A58-4B68-8D60-B703C3A212C4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{5A507CCA-2981-4BBA-823E-88716BF2AD62}C:\program files (x86)\exodusviewer\slvoice.exe] => (Allow) C:\program files (x86)\exodusviewer\slvoice.exe FirewallRules: [uDP Query User{770A1B47-5C84-4DF7-B581-FE1186CBADE2}C:\program files (x86)\exodusviewer\slvoice.exe] => (Allow) C:\program files (x86)\exodusviewer\slvoice.exe FirewallRules: [TCP Query User{9637CB10-7A31-4BF8-949E-F42D918704E2}C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe] => (Allow) C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe FirewallRules: [uDP Query User{2B0517FB-0CD8-43A0-A087-6BDA207B55A9}C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe] => (Allow) C:\program files\onone software\perfect effects free 9\perfect effects free 9.exe FirewallRules: [TCP Query User{F66E6900-F467-4446-A40C-10AB33ED3D7D}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe FirewallRules: [uDP Query User{46F0838C-11B0-496C-9DF5-1B0A7610EEC3}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe FirewallRules: [TCP Query User{E38A56A4-CDFB-414D-B372-D223C1A307C8}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe FirewallRules: [uDP Query User{6128465C-D331-4387-86EA-638D5A8EDEAB}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe FirewallRules: [{33F59500-3337-43C3-996F-687375620E31}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe FirewallRules: [{5F413D6B-B4DA-453B-A860-481E0EC27A16}] => (Allow) C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool09\ENEasyApp.exe FirewallRules: [{CA90443E-834A-4B7C-8347-321621C773EB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{69542DB2-9A24-4545-9A81-183CA9DEDBF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe FirewallRules: [{96762F0B-A6B9-47EA-9A72-EF8155156DBC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F8FA2F06-BEE4-47C5-894F-8F69217C8A39}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [TCP Query User{8902D993-1C68-4528-B7A6-ED95CA08B062}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe FirewallRules: [uDP Query User{D47F2AE7-54E2-4E61-864A-65D300A550B6}C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe] => (Allow) C:\program files\onone software\perfect photo suite 9\perfect photo suite 9.exe FirewallRules: [TCP Query User{DBF708F1-67E4-42DC-B294-15AF188EA485}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe FirewallRules: [uDP Query User{C3F56148-158D-44F6-9586-B0A14D496820}C:\program files (x86)\spacialaudio\sambc\sambc.exe] => (Allow) C:\program files (x86)\spacialaudio\sambc\sambc.exe FirewallRules: [{BB98F583-674A-4D47-823E-692A1CC15F26}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{1F98854B-E834-4E70-8DAF-BBB950C9A446}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe FirewallRules: [uDP Query User{6E533258-7C6A-4CEF-832F-726C6E86EEEC}C:\program files\firestorm-releasex64\slvoice.exe] => (Allow) C:\program files\firestorm-releasex64\slvoice.exe FirewallRules: [{3F067076-813D-41D9-A219-814F842B6608}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{ED5B60D8-126F-4FEF-87EA-4093D7EA59FA}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{96CB62D0-1EE6-4DFC-8D96-4B92A1E9A30A}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe FirewallRules: [{C8B57067-2853-40F1-933B-869BA175048A}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{388BA3C3-C946-46A0-A18C-F70B83FA572F}] => (Allow) C:\Program Files (x86)\Epson Software\ECPrinterSetup\ENPApp.exe FirewallRules: [{0B416001-50C1-4538-A31A-4829591529E9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{A9DABA57-9E82-4348-A8C8-2E5AE35E455B}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe FirewallRules: [{588B4742-CA9A-466A-BCFD-9E5844F4EE2A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (10/25/2015 06:47:01 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/25/2015 03:20:33 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (10/24/2015 04:38:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/24/2015 02:12:40 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (10/23/2015 06:00:51 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/23/2015 05:11:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: Kai-PC) Description: Product: EpsonNet Print -- The same version of EpsonNet Print is already installed. Installation will close. Error: (10/23/2015 05:07:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/23/2015 02:00:06 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (10/22/2015 02:11:31 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (10/21/2015 12:41:06 AM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. System errors: ============= Error: (10/25/2015 07:23:02 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 07:22:42 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 07:22:16 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 07:00:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for FailureCommand with the following error: %%5 Error: (10/25/2015 06:56:43 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: The ScRegSetValueExW call failed for Start with the following error: %%5 Error: (10/25/2015 06:56:35 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 06:56:33 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 06:56:32 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 06:54:57 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. Error: (10/25/2015 06:54:53 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY) Description: There was an error while attempting to read the local hosts file. ==================== Memory info =========================== Processor: Intel® Core i7-3770 CPU @ 3.40GHz Percentage of memory in use: 41% Total physical RAM: 12248.88 MB Available physical RAM: 7189.55 MB Total Virtual: 24495.95 MB Available Virtual: 19101.23 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:1841.3 GB) (Free:1646.89 GB) NTFS Drive d: (WF-2630) (CDROM) (Total:0.26 GB) (Free:0 GB) CDFS Drive i: (USB DISK) (Removable) (Total:7.2 GB) (Free:5.41 GB) FAT32 Drive j: (My Book) (Fixed) (Total:931.48 GB) (Free:369.6 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 346670F2) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1841.3 GB) - (Type=07 NTFS) ======================================================== Disk: 5 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 00073856) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: BFC06415) Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C) ==================== End of Addition.txt ============================

I had to google bittorrent-- did not know what it was. To my knowledge, I don't have pirated software on this computer. Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 10/25/2015 Scan Time: 6:53 PM Logfile: Administrator: Yes Version: 2.2.0.1024 Malware Database: v2015.10.25.04 Rootkit Database: v2015.10.23.01 License: Premium Malware Protection: Enabled Malicious Website Protection: Enabled Self-protection: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: Kai Scan Type: Threat Scan Result: Completed Objects Scanned: 501934 Time Elapsed: 34 min, 17 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 0 (No malicious items detected) Physical Sectors: 0 (No malicious items detected) (end) =============== Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-10-2015 02 Ran by Kai (administrator) on KAI-PC (25-10-2015 19:34:53) Running from C:\Users\Kai\Contacts\Desktop Loaded Profiles: Kai & (Available Profiles: Kai) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://dell13.msn.com -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2855246755-1798518092-654647340-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2855246755-1798518092-654647340-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://dell13.msn.com -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: ST2000DM001-1CH SCSI Disk Device +++++ --- User --- [MBR] c16c09748c25b06da7d6f24e7ad8a28e [bSP] 3814cc8c18e68ed04ac8a7ee9cacf6cc : HP|VT.Unknown MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 MB 1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 81920 | Size: 22188 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 45522944 | Size: 1885492 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK Error reading LL2 MBR! ([1] Incorrect function. ) +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: WD My Book 1130 USB Device +++++ --- User --- [MBR] 239b5737c9ccec8839686058d9a1eff8 [bSP] fcdf32c80a56a79906373c34b09dd153 : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 953836 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. )

I have recently noticed a small pop up window appear and was able yesterday to actually see the header on the window. It was "schtasks.exe". This is a new bit of oddity for me so I googled and discovered it could be some type of malware or trojan. I've run a complete scan with Malwarebytes and Avira. Neither detected any issues. Searching my harddrive for the 'schtasks.exe' file I see 4 with that file name and 4 'schtasks.exe.mui', located in various folders on my C: drive, and with various file sizes. This is a Gyazo screen capture of the search results: https://gyazo.com/7f2ac3d20fc2be16036e603cb925e2d7 Am I infected? if so, how does one go about cleaning this up? Thanks for any assistance.

Thank you, MrC. No popups from MBam and everything is running smoothly. Can't figure out where on earth I got such a nasty little 'bug' but so very thanksful for your help in squashing it.

OTL Report: All processes killed ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Kai ->Temp folder emptied: 31832 bytes ->Temporary Internet Files folder emptied: 1933829 bytes ->Java cache emptied: 12398988 bytes ->FireFox cache emptied: 563042221 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 57647 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56502 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 378021 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 551.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 03302012_120406 Files\Folders moved on Reboot... Registry entries deleted on Reboot... MBAM Quick Scan Results: Malwarebytes Anti-Malware (PRO) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.30.06 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.19120 Kai :: KAI-PC [administrator] Protection: Enabled 3/30/2012 12:14:08 PM mbam-log-2012-03-30 (12-14-08).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 214588 Time elapsed: 6 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

Results report after running Combofix: ComboFix 12-03-30.06 - Kai 03/30/2012 11:14:49.1.4 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3327.2073 [GMT -5:00] Running from: c:\users\Kai\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Public\Desktop\Security Protection.lnk c:\windows\Update.bat . . ((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-30 ))))))))))))))))))))))))))))))) . . 2012-03-30 16:24 . 2012-03-30 16:25 -------- d-----w- c:\users\Kai\AppData\Local\temp 2012-03-30 16:24 . 2012-03-30 16:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-03-30 16:24 . 2012-03-30 16:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-30 14:42 . 2012-03-30 14:42 -------- d-----w- C:\TDSSKiller_Quarantine 2012-03-30 11:45 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0D60E6-177B-4073-B320-E90616CC73AC}\mpengine.dll 2012-03-21 03:56 . 2012-03-30 16:01 -------- d-----w- c:\users\Kai\AppData\Local\Spotify 2012-03-21 03:55 . 2012-03-30 16:01 -------- d-----w- c:\users\Kai\AppData\Roaming\Spotify 2012-03-20 02:21 . 2012-03-20 02:21 -------- d-----w- c:\users\Kai\AppData\Roaming\Firestorm 2012-03-20 02:20 . 2012-03-30 12:40 -------- d-----w- c:\users\Kai\AppData\Local\Firestorm 2012-03-20 02:17 . 2012-03-20 02:20 -------- d-----w- c:\program files\Firestorm-Release 2012-03-20 01:57 . 2012-03-30 12:18 -------- d-----w- c:\users\Kai\AppData\Local\PhoenixViewer 2012-03-20 01:57 . 2012-03-28 20:38 -------- d-----w- c:\users\Kai\AppData\Roaming\SecondLife 2012-03-20 01:56 . 2012-03-20 01:57 -------- d-----w- c:\program files\Phoenix Viewer 2012-03-17 19:25 . 2012-03-17 19:25 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-17 19:25 . 2012-03-17 19:25 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll 2012-03-14 17:06 . 2012-03-14 17:06 -------- d-----w- C:\pbtemp9 2012-03-12 20:09 . 2012-03-12 20:09 -------- d-----w- c:\program files\Right Hemisphere 2012-03-12 20:08 . 2012-03-12 20:08 -------- d-----w- C:\temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-23 14:18 . 2010-03-26 16:40 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-02-18 19:44 . 2011-05-17 21:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-15 18:04 . 2011-10-23 18:35 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-03-17 19:25 . 2011-03-24 02:56 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2007-04-17 184320] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832] "CTxfiHlp"="CTXFIHLP.EXE" [2009-06-03 25600] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888] "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432] "MemDefrag"="c:\program files\MemDefrag\mdefrag.exe" [2003-03-18 303104] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-10 421736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4085484821-2894652817-819203291-1001] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 . --- Other Services/Drivers In Memory --- . *Deregistered* - TrueSight . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] torlfsc REG_MULTI_SZ TermServices . Contents of the 'Scheduled Tasks' folder . 2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:53] . 2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-26 15:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ig?hl=en&source=mpes mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX540XV uInternet Settings,ProxyOverride = <local>;*.local IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\651ic4rf.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . HKCU-Run-AdobeBridge - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-03-30 11:25 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . [0] 0xCE39277C [0] 0x00000B58 scanning hidden autostart entries ... . HKLM\Software\Microsoft\Windows\CurrentVersion\Run CTxfiHlp = CTXFIHLP.EXE? . scanning hidden files ... . . c:\users\Kai\AppData\Local\Temp\catchme.dll 53248 bytes executable . scan completed successfully hidden files: 1 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\64c7762c] "imagepath"="\??\c:\windows\TEMP\ABD6.tmp" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4085484821-2894652817-819203291-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AF05A570-0A72-565F-EA88-EF07E740ACAD}*] "hanmgcjghacdbadd"=hex:6a,61,68,65,6d,6e,6b,6c,62,6f,70,6f,6b,6d,69,61,67,63, 6b,6b,00,01 "iahkabocbpalfiepbd"=hex:63,61,65,65,6b,67,00,7f "iadligjfpifbnjmijo"=hex:6a,61,68,65,6d,6e,6b,6c,62,6f,70,6f,6b,6d,69,61,67,63, 6b,6b,00,01 "dbfekcpohifenhphcoeehnpccbmifpffigengecd"=hex:6a,62,68,65,6e,6e,65,67,65,6d, 65,69,68,6f,6e,69,68,6f,64,69,67,65,66,62,69,6f,6b,6c,69,6b,63,70,61,64,6c,\ "jbfekcpohifenhphcoeeemdojekgnlehljfbidcmahlkfjhopmfe"=hex:6f,61,64,6c,65,6b, 6f,6e,6f,6e,6e,66,6e,6f,65,68,67,61,62,6f,61,6d,62,6f,62,63,6f,70,62,62,00,\ . Completion time: 2012-03-30 11:33:56 ComboFix-quarantined-files.txt 2012-03-30 16:33 . Pre-Run: 731,154,173,952 bytes free Post-Run: 731,834,781,696 bytes free . - - End Of File - - E52E0C4DAA7E5AEDDFC2BACFA4A3C732

As instructed...contents of TDSKiller report: 09:39:50.0442 4316 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18 09:39:51.0122 4316 ============================================================ 09:39:51.0122 4316 Current date / time: 2012/03/30 09:39:51.0122 09:39:51.0122 4316 SystemInfo: 09:39:51.0122 4316 09:39:51.0122 4316 OS Version: 6.0.6002 ServicePack: 2.0 09:39:51.0122 4316 Product type: Workstation 09:39:51.0123 4316 ComputerName: KAI-PC 09:39:51.0123 4316 UserName: Kai 09:39:51.0123 4316 Windows directory: C:\Windows 09:39:51.0123 4316 System windows directory: C:\Windows 09:39:51.0123 4316 Processor architecture: Intel x86 09:39:51.0123 4316 Number of processors: 4 09:39:51.0123 4316 Page size: 0x1000 09:39:51.0123 4316 Boot type: Normal boot 09:39:51.0123 4316 ============================================================ 09:39:51.0764 4316 Drive \Device\Harddisk0\DR0 - Size: 0xE8E1800000 (931.52 Gb), SectorSize: 0x200, Cylinders: 0x1DB02, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 09:39:51.0776 4316 \Device\Harddisk0\DR0: 09:39:51.0776 4316 MBR used 09:39:51.0776 4316 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x15B98CB 09:39:51.0776 4316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x15BA000, BlocksNum 0x73150000 09:39:51.0874 4316 Initialize success 09:39:51.0874 4316 ============================================================ 09:41:00.0700 4956 ============================================================ 09:41:00.0700 4956 Scan started 09:41:00.0700 4956 Mode: Manual; SigCheck; TDLFS; 09:41:00.0700 4956 ============================================================ 09:41:00.0911 4956 64c7762c - ok 09:41:00.0984 4956 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys 09:41:01.0373 4956 ac97intc - ok 09:41:01.0431 4956 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 09:41:01.0636 4956 ACDaemon - ok 09:41:01.0678 4956 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 09:41:01.0697 4956 ACPI - ok 09:41:01.0721 4956 adfs - ok 09:41:01.0766 4956 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 09:41:01.0800 4956 adp94xx - ok 09:41:01.0874 4956 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 09:41:01.0889 4956 adpahci - ok 09:41:01.0952 4956 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 09:41:01.0966 4956 adpu160m - ok 09:41:02.0012 4956 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 09:41:02.0025 4956 adpu320 - ok 09:41:02.0060 4956 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 09:41:02.0133 4956 AeLookupSvc - ok 09:41:02.0172 4956 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 09:41:02.0228 4956 AFD - ok 09:41:02.0258 4956 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 09:41:02.0270 4956 agp440 - ok 09:41:02.0308 4956 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 09:41:02.0320 4956 aic78xx - ok 09:41:02.0349 4956 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 09:41:02.0456 4956 ALG - ok 09:41:02.0469 4956 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 09:41:02.0480 4956 aliide - ok 09:41:02.0507 4956 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 09:41:02.0519 4956 amdagp - ok 09:41:02.0539 4956 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 09:41:02.0549 4956 amdide - ok 09:41:02.0578 4956 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 09:41:02.0628 4956 AmdK7 - ok 09:41:02.0653 4956 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 09:41:02.0699 4956 AmdK8 - ok 09:41:02.0767 4956 AntiVirSchedulerService (72709089a54bdc1c5b16bc4a4b926567) C:\Program Files\Avira\AntiVir Desktop\sched.exe 09:41:02.0803 4956 AntiVirSchedulerService - ok 09:41:02.0859 4956 AntiVirService (42f88bfbb76f7a63e381829479b18518) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 09:41:02.0895 4956 AntiVirService - ok 09:41:02.0957 4956 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 09:41:02.0978 4956 Appinfo - ok 09:41:03.0040 4956 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 09:41:03.0074 4956 Apple Mobile Device - ok 09:41:03.0125 4956 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 09:41:03.0137 4956 arc - ok 09:41:03.0154 4956 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 09:41:03.0166 4956 arcsas - ok 09:41:03.0199 4956 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 09:41:03.0239 4956 AsyncMac - ok 09:41:03.0262 4956 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 09:41:03.0274 4956 atapi - ok 09:41:03.0342 4956 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 09:41:03.0367 4956 AudioEndpointBuilder - ok 09:41:03.0384 4956 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 09:41:03.0403 4956 Audiosrv - ok 09:41:03.0429 4956 AVer88xHD (ee02618bbb1df4a6decb524a502ed61e) C:\Windows\system32\drivers\AVer88xHD.sys 09:41:03.0481 4956 AVer88xHD - ok 09:41:03.0560 4956 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys 09:41:03.0582 4956 avgntflt - ok 09:41:03.0623 4956 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys 09:41:03.0637 4956 avipbb - ok 09:41:03.0645 4956 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 09:41:03.0657 4956 avkmgr - ok 09:41:03.0685 4956 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys 09:41:03.0740 4956 bcm4sbxp - ok 09:41:03.0774 4956 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 09:41:03.0809 4956 Beep - ok 09:41:03.0856 4956 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 09:41:03.0909 4956 BFE - ok 09:41:04.0029 4956 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll 09:41:04.0165 4956 BITS - ok 09:41:04.0173 4956 blbdrive - ok 09:41:04.0378 4956 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe 09:41:04.0439 4956 Bonjour Service - ok 09:41:04.0619 4956 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 09:41:04.0646 4956 bowser - ok 09:41:04.0676 4956 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 09:41:04.0699 4956 BrFiltLo - ok 09:41:04.0723 4956 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 09:41:04.0741 4956 BrFiltUp - ok 09:41:04.0776 4956 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 09:41:04.0814 4956 Browser - ok 09:41:04.0848 4956 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 09:41:04.0925 4956 Brserid - ok 09:41:04.0953 4956 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 09:41:04.0993 4956 BrSerWdm - ok 09:41:05.0014 4956 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 09:41:05.0059 4956 BrUsbMdm - ok 09:41:05.0079 4956 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 09:41:05.0122 4956 BrUsbSer - ok 09:41:05.0148 4956 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 09:41:05.0200 4956 BTHMODEM - ok 09:41:05.0232 4956 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 09:41:05.0270 4956 cdfs - ok 09:41:05.0318 4956 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 09:41:05.0349 4956 cdrom - ok 09:41:05.0386 4956 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 09:41:05.0444 4956 CertPropSvc - ok 09:41:05.0467 4956 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 09:41:05.0522 4956 circlass - ok 09:41:05.0537 4956 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 09:41:05.0563 4956 CLFS - ok 09:41:05.0621 4956 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 09:41:05.0653 4956 clr_optimization_v2.0.50727_32 - ok 09:41:05.0706 4956 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 09:41:05.0743 4956 clr_optimization_v4.0.30319_32 - ok 09:41:05.0799 4956 CmBatt (0fed59edb4a83ff17f1778827b88ab1a) C:\Windows\system32\DRIVERS\CmBatt.sys 09:41:05.0848 4956 CmBatt - ok 09:41:05.0869 4956 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 09:41:05.0880 4956 cmdide - ok 09:41:05.0902 4956 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 09:41:05.0914 4956 Compbatt - ok 09:41:05.0921 4956 COMSysApp - ok 09:41:05.0965 4956 cpuz135 (6bada94085b6709694f8327c211d12e1) C:\Windows\system32\drivers\cpuz135_x32.sys 09:41:05.0977 4956 cpuz135 - ok 09:41:05.0985 4956 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 09:41:05.0998 4956 crcdisk - ok 09:41:06.0022 4956 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 09:41:06.0077 4956 Crusoe - ok 09:41:06.0121 4956 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 09:41:06.0147 4956 CryptSvc - ok 09:41:06.0177 4956 CT20XUT (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\system32\drivers\CT20XUT.SYS 09:41:06.0190 4956 CT20XUT - ok 09:41:06.0205 4956 CT20XUT.DLL - ok 09:41:06.0226 4956 CT20XUT.SYS (51a4c2c6d3ac2c275a1b93c34d4e87c6) C:\Windows\System32\drivers\CT20XUT.SYS 09:41:06.0234 4956 CT20XUT.SYS - ok 09:41:06.0249 4956 ctac32k (7ec5c5f0b0c14ec186074fd095f0f370) C:\Windows\system32\drivers\ctac32k.sys 09:41:06.0271 4956 ctac32k - ok 09:41:06.0348 4956 ctaud2k (8dc02de5321499e6c1fe87e43d86a73b) C:\Windows\system32\drivers\ctaud2k.sys 09:41:06.0369 4956 ctaud2k - ok 09:41:06.0430 4956 CTEXFIFX (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\system32\drivers\CTEXFIFX.SYS 09:41:06.0467 4956 CTEXFIFX - ok 09:41:06.0475 4956 CTEXFIFX.DLL - ok 09:41:06.0550 4956 CTEXFIFX.SYS (d4c74f7228a2162171dee3087cc22fbf) C:\Windows\System32\drivers\CTEXFIFX.SYS 09:41:06.0580 4956 CTEXFIFX.SYS - ok 09:41:06.0869 4956 CTHWIUT (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\system32\drivers\CTHWIUT.SYS 09:41:06.0880 4956 CTHWIUT - ok 09:41:06.0887 4956 CTHWIUT.DLL - ok 09:41:06.0898 4956 CTHWIUT.SYS (1d5bf4f26b27c5eba08f4d0fe96bff12) C:\Windows\System32\drivers\CTHWIUT.SYS 09:41:06.0905 4956 CTHWIUT.SYS - ok 09:41:07.0198 4956 ctprxy2k (920b45bc9191f4e880ea2b75524d96ab) C:\Windows\system32\drivers\ctprxy2k.sys 09:41:07.0209 4956 ctprxy2k - ok 09:41:07.0218 4956 ctsfm2k (eac70ef0b40df7b8178bf5e80b5f4277) C:\Windows\system32\drivers\ctsfm2k.sys 09:41:07.0231 4956 ctsfm2k - ok 09:41:07.0271 4956 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 09:41:07.0420 4956 DcomLaunch - ok 09:41:07.0454 4956 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 09:41:07.0481 4956 DfsC - ok 09:41:07.0541 4956 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 09:41:08.0211 4956 DFSR - ok 09:41:08.0247 4956 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 09:41:08.0273 4956 Dhcp - ok 09:41:08.0305 4956 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 09:41:08.0319 4956 disk - ok 09:41:08.0364 4956 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 09:41:08.0433 4956 Dnscache - ok 09:41:08.0472 4956 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 09:41:08.0495 4956 dot3svc - ok 09:41:08.0519 4956 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 09:41:08.0563 4956 DPS - ok 09:41:08.0594 4956 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 09:41:08.0634 4956 drmkaud - ok 09:41:08.0660 4956 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys 09:41:08.0693 4956 DXGKrnl - ok 09:41:08.0892 4956 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 09:41:08.0957 4956 E1G60 - ok 09:41:08.0981 4956 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 09:41:09.0044 4956 EapHost - ok 09:41:09.0056 4956 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 09:41:09.0075 4956 Ecache - ok 09:41:09.0164 4956 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 09:41:09.0191 4956 ehRecvr - ok 09:41:09.0211 4956 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 09:41:09.0246 4956 ehSched - ok 09:41:09.0252 4956 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 09:41:09.0304 4956 ehstart - ok 09:41:09.0343 4956 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 09:41:09.0359 4956 elxstor - ok 09:41:09.0416 4956 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll 09:41:09.0666 4956 EMDMgmt - ok 09:41:09.0698 4956 emupia (8b41f776beafda612cdf8ffa997b201e) C:\Windows\system32\drivers\emupia2k.sys 09:41:09.0711 4956 emupia - ok 09:41:09.0796 4956 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 09:41:09.0848 4956 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning 09:41:09.0848 4956 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1) 09:41:09.0878 4956 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 09:41:09.0941 4956 EventSystem - ok 09:41:09.0995 4956 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 09:41:10.0051 4956 exfat - ok 09:41:10.0087 4956 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 09:41:10.0122 4956 fastfat - ok 09:41:10.0156 4956 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 09:41:10.0199 4956 fdc - ok 09:41:10.0213 4956 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 09:41:10.0240 4956 fdPHost - ok 09:41:10.0261 4956 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 09:41:10.0338 4956 FDResPub - ok 09:41:10.0376 4956 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 09:41:10.0389 4956 FileInfo - ok 09:41:10.0409 4956 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 09:41:10.0445 4956 Filetrace - ok 09:41:10.0519 4956 FirebirdGuardianDefaultInstance (1a18ebd87aa9fbf6efe8cfada08d0275) C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe 09:41:10.0539 4956 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning 09:41:10.0539 4956 FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1) 09:41:10.0602 4956 FirebirdServerDefaultInstance (53c740150c082aaf3c7d21c1d6a9ff98) C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe 09:41:11.0287 4956 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning 09:41:11.0287 4956 FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1) 09:41:11.0435 4956 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 09:41:11.0475 4956 flpydisk - ok 09:41:11.0895 4956 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 09:41:11.0912 4956 FltMgr - ok 09:41:11.0963 4956 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 09:41:11.0976 4956 FontCache3.0.0.0 - ok 09:41:11.0997 4956 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 09:41:12.0016 4956 Fs_Rec - ok 09:41:12.0039 4956 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 09:41:12.0051 4956 gagp30kx - ok 09:41:12.0081 4956 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 09:41:12.0092 4956 GEARAspiWDM - ok 09:41:12.0133 4956 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 09:41:12.0212 4956 gpsvc - ok 09:41:12.0331 4956 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 09:41:12.0363 4956 gupdate - ok 09:41:12.0391 4956 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe 09:41:12.0398 4956 gupdatem - ok 09:41:12.0438 4956 ha20x2k (eda33b1d4721470bb924f082cf66d06a) C:\Windows\system32\drivers\ha20x2k.sys 09:41:12.0473 4956 ha20x2k - ok 09:41:12.0851 4956 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 09:41:12.0883 4956 HdAudAddService - ok 09:41:12.0927 4956 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 09:41:12.0988 4956 HDAudBus - ok 09:41:13.0041 4956 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 09:41:13.0097 4956 HidBth - ok 09:41:13.0117 4956 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 09:41:13.0152 4956 HidIr - ok 09:41:13.0174 4956 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll 09:41:13.0204 4956 hidserv - ok 09:41:13.0223 4956 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 09:41:13.0243 4956 HidUsb - ok 09:41:13.0267 4956 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 09:41:13.0293 4956 hkmsvc - ok 09:41:13.0320 4956 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 09:41:13.0327 4956 HpCISSs - ok 09:41:13.0370 4956 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 09:41:13.0476 4956 HTTP - ok 09:41:13.0488 4956 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 09:41:13.0496 4956 i2omp - ok 09:41:13.0536 4956 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 09:41:13.0560 4956 i8042prt - ok 09:41:13.0614 4956 ialm (8318e04a6455ced1020bcc5039b62cfa) C:\Windows\system32\DRIVERS\ialmnt5.sys 09:41:13.0969 4956 ialm - ok 09:41:13.0989 4956 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 09:41:13.0999 4956 iaStorV - ok 09:41:14.0055 4956 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 09:41:14.0110 4956 idsvc - ok 09:41:14.0224 4956 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 09:41:14.0232 4956 iirsp - ok 09:41:14.0501 4956 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll 09:41:14.0574 4956 IKEEXT - ok 09:41:14.0589 4956 intelide (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys 09:41:14.0600 4956 intelide - ok 09:41:14.0663 4956 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 09:41:14.0694 4956 intelppm - ok 09:41:14.0721 4956 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll 09:41:14.0755 4956 IPBusEnum - ok 09:41:14.0786 4956 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 09:41:14.0816 4956 IpFilterDriver - ok 09:41:14.0847 4956 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll 09:41:14.0906 4956 iphlpsvc - ok 09:41:14.0913 4956 IpInIp - ok 09:41:14.0942 4956 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 09:41:15.0019 4956 IPMIDRV - ok 09:41:15.0045 4956 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 09:41:15.0066 4956 IPNAT - ok 09:41:15.0123 4956 iPod Service (33642c17c232aa272c68e446a2619899) C:\Program Files\iPod\bin\iPodService.exe 09:41:15.0225 4956 iPod Service - ok 09:41:15.0396 4956 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 09:41:15.0421 4956 IRENUM - ok 09:41:15.0438 4956 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 09:41:15.0450 4956 isapnp - ok 09:41:15.0489 4956 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 09:41:15.0500 4956 iScsiPrt - ok 09:41:15.0522 4956 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 09:41:15.0529 4956 iteatapi - ok 09:41:15.0542 4956 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 09:41:15.0550 4956 iteraid - ok 09:41:15.0580 4956 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 09:41:15.0588 4956 kbdclass - ok 09:41:15.0610 4956 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys 09:41:15.0638 4956 kbdhid - ok 09:41:15.0673 4956 KeyIso (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe 09:41:15.0714 4956 KeyIso - ok 09:41:15.0754 4956 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 09:41:15.0780 4956 KSecDD - ok 09:41:15.0916 4956 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 09:41:15.0996 4956 KtmRm - ok 09:41:16.0076 4956 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll 09:41:16.0133 4956 LanmanServer - ok 09:41:16.0168 4956 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 09:41:16.0212 4956 LanmanWorkstation - ok 09:41:16.0232 4956 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 09:41:16.0258 4956 lltdio - ok 09:41:16.0319 4956 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 09:41:16.0413 4956 lltdsvc - ok 09:41:16.0427 4956 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 09:41:16.0469 4956 lmhosts - ok 09:41:16.0487 4956 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 09:41:16.0495 4956 LSI_FC - ok 09:41:16.0513 4956 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 09:41:16.0521 4956 LSI_SAS - ok 09:41:16.0540 4956 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 09:41:16.0548 4956 LSI_SCSI - ok 09:41:16.0560 4956 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 09:41:16.0598 4956 luafv - ok 09:41:16.0633 4956 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys 09:41:16.0644 4956 MBAMProtector - ok 09:41:16.0715 4956 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 09:41:16.0751 4956 MBAMService - ok 09:41:16.0920 4956 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 09:41:16.0937 4956 Mcx2Svc - ok 09:41:16.0974 4956 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 09:41:16.0985 4956 megasas - ok 09:41:17.0001 4956 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 09:41:17.0052 4956 MMCSS - ok 09:41:17.0087 4956 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 09:41:17.0117 4956 Modem - ok 09:41:17.0150 4956 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 09:41:17.0170 4956 monitor - ok 09:41:17.0196 4956 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 09:41:17.0205 4956 mouclass - ok 09:41:17.0218 4956 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 09:41:17.0252 4956 mouhid - ok 09:41:17.0261 4956 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 09:41:17.0276 4956 MountMgr - ok 09:41:17.0350 4956 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 09:41:17.0363 4956 mpio - ok 09:41:17.0400 4956 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 09:41:17.0425 4956 mpsdrv - ok 09:41:17.0452 4956 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 09:41:17.0589 4956 MpsSvc - ok 09:41:17.0618 4956 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 09:41:17.0625 4956 Mraid35x - ok 09:41:17.0651 4956 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 09:41:17.0670 4956 MRxDAV - ok 09:41:17.0692 4956 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 09:41:17.0728 4956 mrxsmb - ok 09:41:17.0768 4956 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 09:41:17.0791 4956 mrxsmb10 - ok 09:41:17.0811 4956 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 09:41:17.0839 4956 mrxsmb20 - ok 09:41:17.0857 4956 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 09:41:17.0864 4956 msahci - ok 09:41:17.0885 4956 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 09:41:17.0898 4956 msdsm - ok 09:41:17.0913 4956 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 09:41:17.0942 4956 MSDTC - ok 09:41:17.0979 4956 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 09:41:18.0004 4956 Msfs - ok 09:41:18.0035 4956 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 09:41:18.0047 4956 msisadrv - ok 09:41:18.0081 4956 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 09:41:18.0145 4956 MSiSCSI - ok 09:41:18.0151 4956 msiserver - ok 09:41:18.0175 4956 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 09:41:18.0214 4956 MSKSSRV - ok 09:41:18.0237 4956 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 09:41:18.0269 4956 MSPCLOCK - ok 09:41:18.0308 4956 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 09:41:18.0331 4956 MSPQM - ok 09:41:18.0351 4956 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 09:41:18.0367 4956 MsRPC - ok 09:41:18.0385 4956 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 09:41:18.0397 4956 mssmbios - ok 09:41:18.0413 4956 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 09:41:18.0442 4956 MSTEE - ok 09:41:18.0453 4956 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 09:41:18.0467 4956 Mup - ok 09:41:18.0495 4956 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 09:41:18.0543 4956 napagent - ok 09:41:18.0592 4956 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 09:41:18.0617 4956 NativeWifiP - ok 09:41:18.0646 4956 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 09:41:18.0663 4956 NDIS - ok 09:41:18.0753 4956 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 09:41:18.0780 4956 NdisTapi - ok 09:41:18.0807 4956 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 09:41:18.0831 4956 Ndisuio - ok 09:41:18.0844 4956 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 09:41:18.0871 4956 NdisWan - ok 09:41:18.0899 4956 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 09:41:18.0916 4956 NDProxy - ok 09:41:18.0932 4956 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 09:41:18.0963 4956 NetBIOS - ok 09:41:18.0983 4956 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 09:41:19.0000 4956 netbt - ok 09:41:19.0017 4956 Netlogon (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe 09:41:19.0059 4956 Netlogon - ok 09:41:19.0234 4956 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 09:41:19.0278 4956 Netman - ok 09:41:19.0314 4956 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 09:41:19.0401 4956 netprofm - ok 09:41:19.0471 4956 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:41:19.0487 4956 NetTcpPortSharing - ok 09:41:19.0576 4956 NETw2v32 (6e9edc1020b319e7676387b8cdf2398c) C:\Windows\system32\DRIVERS\NETw2v32.sys 09:41:19.0985 4956 NETw2v32 - ok 09:41:20.0268 4956 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 09:41:20.0280 4956 nfrd960 - ok 09:41:20.0307 4956 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 09:41:20.0387 4956 NlaSvc - ok 09:41:20.0425 4956 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 09:41:20.0453 4956 Npfs - ok 09:41:20.0468 4956 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 09:41:20.0501 4956 nsi - ok 09:41:20.0520 4956 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 09:41:20.0543 4956 nsiproxy - ok 09:41:20.0579 4956 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 09:41:20.0615 4956 Ntfs - ok 09:41:20.0634 4956 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 09:41:20.0901 4956 ntrigdigi - ok 09:41:20.0917 4956 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 09:41:20.0941 4956 Null - ok 09:41:21.0005 4956 NVHDA (93c0f383b39b1f5fe7203e3270d4cf52) C:\Windows\system32\drivers\nvhda32v.sys 09:41:21.0012 4956 NVHDA - ok 09:41:21.0207 4956 nvlddmkm (66b4bf606fcc7f0622d4a21bb1461089) C:\Windows\system32\DRIVERS\nvlddmkm.sys 09:41:23.0044 4956 nvlddmkm - ok 09:41:24.0114 4956 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 09:41:24.0135 4956 nvraid - ok 09:41:24.0173 4956 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\DRIVERS\NVRD32.SYS 09:41:24.0180 4956 nvrd32 - ok 09:41:24.0207 4956 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 09:41:24.0214 4956 nvstor - ok 09:41:24.0236 4956 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\DRIVERS\NVSTOR32.SYS 09:41:24.0244 4956 nvstor32 - ok 09:41:24.0302 4956 NVSvc (d122f7c5f79c68868f5dc28cefeb2ecf) C:\Windows\system32\nvvsvc.exe 09:41:24.0515 4956 NVSvc - ok 09:41:24.0738 4956 nvUpdatusService (003cb0a155568b4a53a301f07c734233) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 09:41:25.0198 4956 nvUpdatusService - ok 09:41:25.0434 4956 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 09:41:25.0442 4956 nv_agp - ok 09:41:25.0450 4956 NwlnkFlt - ok 09:41:25.0459 4956 NwlnkFwd - ok 09:41:25.0552 4956 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 09:41:25.0612 4956 odserv - ok 09:41:25.0652 4956 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 09:41:25.0673 4956 ohci1394 - ok 09:41:25.0737 4956 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:41:25.0753 4956 ose - ok 09:41:25.0789 4956 ossrv (ea7563de822696f1b9be9e589d33fa96) C:\Windows\system32\drivers\ctoss2k.sys 09:41:25.0801 4956 ossrv - ok 09:41:25.0837 4956 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 09:41:25.0882 4956 p2pimsvc - ok 09:41:26.0018 4956 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 09:41:26.0038 4956 p2psvc - ok 09:41:26.0200 4956 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 09:41:26.0240 4956 Parport - ok 09:41:26.0261 4956 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 09:41:26.0277 4956 partmgr - ok 09:41:26.0291 4956 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 09:41:26.0336 4956 Parvdm - ok 09:41:26.0364 4956 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 09:41:26.0432 4956 PcaSvc - ok 09:41:26.0462 4956 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 09:41:26.0480 4956 pci - ok 09:41:26.0495 4956 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 09:41:26.0510 4956 pciide - ok 09:41:26.0538 4956 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys 09:41:26.0547 4956 pcmcia - ok 09:41:26.0592 4956 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 09:41:26.0913 4956 PEAUTH - ok 09:41:26.0962 4956 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 09:41:27.0421 4956 pla - ok 09:41:27.0442 4956 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 09:41:27.0481 4956 PlugPlay - ok 09:41:27.0495 4956 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 09:41:27.0515 4956 PNRPAutoReg - ok 09:41:27.0525 4956 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 09:41:27.0545 4956 PNRPsvc - ok 09:41:27.0708 4956 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 09:41:28.0021 4956 PolicyAgent - ok 09:41:28.0042 4956 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 09:41:28.0071 4956 PptpMiniport - ok 09:41:28.0094 4956 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 09:41:28.0145 4956 Processor - ok 09:41:28.0170 4956 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 09:41:28.0222 4956 ProfSvc - ok 09:41:28.0253 4956 ProtectedStorage (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe 09:41:28.0284 4956 ProtectedStorage - ok 09:41:28.0310 4956 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 09:41:28.0335 4956 PSched - ok 09:41:28.0411 4956 PSI_SVC_2 (543a4ef0923bf70d126625b034ef25af) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 09:41:28.0456 4956 PSI_SVC_2 - ok 09:41:28.0511 4956 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 09:41:28.0534 4956 ql2300 - ok 09:41:28.0762 4956 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 09:41:28.0771 4956 ql40xx - ok 09:41:28.0814 4956 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 09:41:28.0843 4956 QWAVE - ok 09:41:28.0857 4956 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 09:41:28.0879 4956 QWAVEdrv - ok 09:41:28.0904 4956 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 09:41:28.0929 4956 RasAcd - ok 09:41:28.0986 4956 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 09:41:29.0017 4956 RasAuto - ok 09:41:29.0039 4956 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 09:41:29.0061 4956 Rasl2tp - ok 09:41:29.0080 4956 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 09:41:29.0105 4956 RasMan - ok 09:41:29.0123 4956 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 09:41:29.0147 4956 RasPppoe - ok 09:41:29.0171 4956 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 09:41:29.0189 4956 RasSstp - ok 09:41:29.0204 4956 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 09:41:29.0232 4956 rdbss - ok 09:41:29.0252 4956 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 09:41:29.0278 4956 RDPCDD - ok 09:41:29.0303 4956 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 09:41:29.0364 4956 rdpdr - ok 09:41:29.0373 4956 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 09:41:29.0398 4956 RDPENCDD - ok 09:41:29.0436 4956 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 09:41:29.0453 4956 RDPWD - ok 09:41:29.0501 4956 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 09:41:29.0526 4956 RemoteAccess - ok 09:41:29.0543 4956 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 09:41:29.0567 4956 RemoteRegistry - ok 09:41:29.0594 4956 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 09:41:29.0654 4956 RpcLocator - ok 09:41:29.0685 4956 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 09:41:29.0722 4956 RpcSs - ok 09:41:29.0836 4956 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 09:41:29.0872 4956 rspndr - ok 09:41:29.0887 4956 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys 09:41:29.0918 4956 RTL8169 - ok 09:41:29.0946 4956 SamSs (3978f3540329e16c0ac3bcf677e5669f) C:\Windows\system32\lsass.exe 09:41:29.0957 4956 SamSs - ok 09:41:29.0988 4956 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 09:41:29.0996 4956 sbp2port - ok 09:41:30.0029 4956 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 09:41:30.0052 4956 SCardSvr - ok 09:41:30.0079 4956 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 09:41:30.0321 4956 Schedule - ok 09:41:30.0347 4956 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 09:41:30.0363 4956 SCPolicySvc - ok 09:41:30.0390 4956 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys 09:41:30.0439 4956 sdbus - ok 09:41:30.0466 4956 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 09:41:30.0507 4956 SDRSVC - ok 09:41:30.0515 4956 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 09:41:30.0562 4956 secdrv - ok 09:41:30.0578 4956 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 09:41:30.0604 4956 seclogon - ok 09:41:30.0620 4956 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll 09:41:30.0654 4956 SENS - ok 09:41:30.0667 4956 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 09:41:30.0705 4956 Serenum - ok 09:41:30.0732 4956 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 09:41:30.0782 4956 Serial - ok 09:41:30.0828 4956 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 09:41:30.0852 4956 sermouse - ok 09:41:30.0884 4956 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 09:41:30.0945 4956 SessionEnv - ok 09:41:30.0964 4956 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 09:41:31.0003 4956 sffdisk - ok 09:41:31.0022 4956 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 09:41:31.0060 4956 sffp_mmc - ok 09:41:31.0081 4956 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 09:41:31.0141 4956 sffp_sd - ok 09:41:31.0154 4956 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 09:41:31.0193 4956 sfloppy - ok 09:41:31.0215 4956 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 09:41:31.0245 4956 SharedAccess - ok 09:41:31.0294 4956 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 09:41:31.0370 4956 ShellHWDetection - ok 09:41:31.0392 4956 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 09:41:31.0400 4956 sisagp - ok 09:41:31.0421 4956 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 09:41:31.0429 4956 SiSRaid2 - ok 09:41:31.0455 4956 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 09:41:31.0464 4956 SiSRaid4 - ok 09:41:31.0535 4956 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 09:41:32.0540 4956 slsvc - ok 09:41:32.0568 4956 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 09:41:32.0599 4956 SLUINotify - ok 09:41:32.0621 4956 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 09:41:32.0637 4956 Smb - ok 09:41:32.0657 4956 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 09:41:32.0673 4956 SNMPTRAP - ok 09:41:32.0695 4956 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 09:41:32.0707 4956 spldr - ok 09:41:32.0743 4956 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 09:41:32.0821 4956 Spooler - ok 09:41:32.0859 4956 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 09:41:32.0914 4956 srv - ok 09:41:32.0931 4956 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 09:41:32.0957 4956 srv2 - ok 09:41:32.0980 4956 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 09:41:32.0997 4956 srvnet - ok 09:41:33.0015 4956 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 09:41:33.0054 4956 SSDPSRV - ok 09:41:33.0081 4956 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 09:41:33.0087 4956 ssmdrv - ok 09:41:33.0125 4956 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 09:41:33.0145 4956 SstpSvc - ok 09:41:33.0230 4956 Stereo Service (9e1222c417291bc836210743624a8e5e) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 09:41:33.0313 4956 Stereo Service - ok 09:41:33.0427 4956 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 09:41:33.0512 4956 stisvc - ok 09:41:33.0588 4956 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 09:41:33.0599 4956 swenum - ok 09:41:33.0670 4956 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 09:41:33.0733 4956 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 09:41:33.0733 4956 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 09:41:33.0753 4956 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 09:41:33.0784 4956 swprv - ok 09:41:33.0811 4956 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 09:41:33.0819 4956 Symc8xx - ok 09:41:33.0844 4956 SymIM - ok 09:41:33.0853 4956 SymIMMP - ok 09:41:33.0879 4956 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 09:41:33.0886 4956 Sym_hi - ok 09:41:33.0910 4956 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 09:41:33.0918 4956 Sym_u3 - ok 09:41:33.0964 4956 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 09:41:34.0050 4956 SysMain - ok 09:41:34.0147 4956 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 09:41:34.0178 4956 TabletInputService - ok 09:41:34.0214 4956 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 09:41:34.0252 4956 TapiSrv - ok 09:41:34.0275 4956 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 09:41:34.0339 4956 TBS - ok 09:41:34.0381 4956 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys 09:41:34.0430 4956 Tcpip - ok 09:41:34.0450 4956 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys 09:41:34.0476 4956 Tcpip6 - ok 09:41:34.0711 4956 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 09:41:34.0963 4956 tcpipreg - ok 09:41:34.0992 4956 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 09:41:35.0026 4956 TDPIPE - ok 09:41:35.0047 4956 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 09:41:35.0067 4956 TDTCP - ok 09:41:35.0088 4956 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 09:41:35.0109 4956 tdx - ok 09:41:35.0137 4956 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 09:41:35.0146 4956 TermDD - ok 09:41:35.0164 4956 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 09:41:35.0335 4956 TermService - ok 09:41:35.0377 4956 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 09:41:35.0391 4956 Themes - ok 09:41:35.0407 4956 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 09:41:35.0429 4956 THREADORDER - ok 09:41:35.0447 4956 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 09:41:35.0513 4956 TrkWks - ok 09:41:35.0526 4956 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 09:41:35.0586 4956 TrustedInstaller - ok 09:41:35.0605 4956 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 09:41:35.0626 4956 tssecsrv - ok 09:41:35.0651 4956 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 09:41:35.0681 4956 tunmp - ok 09:41:35.0695 4956 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 09:41:35.0707 4956 tunnel - ok 09:41:35.0740 4956 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 09:41:35.0747 4956 uagp35 - ok 09:41:35.0783 4956 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 09:41:35.0800 4956 udfs - ok 09:41:35.0841 4956 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 09:41:35.0869 4956 UI0Detect - ok 09:41:35.0892 4956 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 09:41:35.0900 4956 uliagpkx - ok 09:41:35.0926 4956 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 09:41:35.0941 4956 uliahci - ok 09:41:35.0960 4956 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 09:41:35.0969 4956 UlSata - ok 09:41:35.0992 4956 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 09:41:36.0001 4956 ulsata2 - ok 09:41:36.0035 4956 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 09:41:36.0063 4956 umbus - ok 09:41:36.0097 4956 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll 09:41:36.0131 4956 upnphost - ok 09:41:36.0168 4956 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys 09:41:36.0218 4956 USBAAPL - ok 09:41:36.0286 4956 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 09:41:36.0302 4956 usbaudio - ok 09:41:36.0336 4956 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 09:41:36.0364 4956 usbccgp - ok 09:41:36.0382 4956 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 09:41:36.0417 4956 usbcir - ok 09:41:36.0437 4956 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 09:41:36.0453 4956 usbehci - ok 09:41:36.0483 4956 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 09:41:36.0511 4956 usbhub - ok 09:41:36.0524 4956 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 09:41:36.0553 4956 usbohci - ok 09:41:36.0566 4956 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 09:41:36.0605 4956 usbprint - ok 09:41:36.0622 4956 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 09:41:36.0639 4956 USBSTOR - ok 09:41:36.0656 4956 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 09:41:36.0691 4956 usbuhci - ok 09:41:36.0714 4956 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll 09:41:36.0756 4956 UxSms - ok 09:41:36.0796 4956 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe 09:41:36.0834 4956 vds - ok 09:41:36.0857 4956 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 09:41:36.0878 4956 vga - ok 09:41:36.0917 4956 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 09:41:36.0944 4956 VgaSave - ok 09:41:36.0967 4956 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 09:41:36.0975 4956 viaagp - ok 09:41:36.0993 4956 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 09:41:37.0029 4956 ViaC7 - ok 09:41:37.0053 4956 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 09:41:37.0064 4956 viaide - ok 09:41:37.0094 4956 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 09:41:37.0107 4956 volmgr - ok 09:41:37.0135 4956 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 09:41:37.0161 4956 volmgrx - ok 09:41:37.0172 4956 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 09:41:37.0184 4956 volsnap - ok 09:41:37.0201 4956 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 09:41:37.0211 4956 vsmraid - ok 09:41:37.0252 4956 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe 09:41:37.0402 4956 VSS - ok 09:41:37.0577 4956 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll 09:41:37.0649 4956 W32Time - ok 09:41:37.0675 4956 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 09:41:37.0710 4956 WacomPen - ok 09:41:37.0733 4956 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 09:41:37.0750 4956 Wanarp - ok 09:41:37.0753 4956 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 09:41:37.0769 4956 Wanarpv6 - ok 09:41:37.0787 4956 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll 09:41:37.0892 4956 wcncsvc - ok 09:41:37.0913 4956 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll 09:41:37.0943 4956 WcsPlugInService - ok 09:41:37.0967 4956 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 09:41:37.0979 4956 Wd - ok 09:41:38.0005 4956 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys 09:41:38.0037 4956 WDC_SAM - ok 09:41:38.0126 4956 WDDMService (dbbab783009fbdf69b222641bb7831ae) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe 09:41:38.0142 4956 WDDMService ( UnsignedFile.Multi.Generic ) - warning 09:41:38.0142 4956 WDDMService - detected UnsignedFile.Multi.Generic (1) 09:41:38.0173 4956 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 09:41:38.0202 4956 Wdf01000 - ok 09:41:38.0349 4956 WDFME (a787a567b3470c91c487ece90cf7509c) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 09:41:38.0423 4956 WDFME ( UnsignedFile.Multi.Generic ) - warning 09:41:38.0424 4956 WDFME - detected UnsignedFile.Multi.Generic (1) 09:41:38.0518 4956 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 09:41:38.0708 4956 WdiServiceHost - ok 09:41:38.0712 4956 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll 09:41:38.0735 4956 WdiSystemHost - ok 09:41:38.0755 4956 WDSC (b30940e39d5b3218958dbd2ea3d13bcb) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 09:41:38.0842 4956 WDSC ( UnsignedFile.Multi.Generic ) - warning 09:41:38.0842 4956 WDSC - detected UnsignedFile.Multi.Generic (1) 09:41:38.0951 4956 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll 09:41:39.0005 4956 WebClient - ok 09:41:39.0035 4956 Wecsvc (905214925a88311fce52f66153de7610) C:\Windows\system32\wecsvc.dll 09:41:39.0067 4956 Wecsvc - ok 09:41:39.0092 4956 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll 09:41:39.0115 4956 wercplsupport - ok 09:41:39.0143 4956 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll 09:41:39.0175 4956 WerSvc - ok 09:41:39.0202 4956 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll 09:41:39.0236 4956 WinDefend - ok 09:41:39.0240 4956 WinHttpAutoProxySvc - ok 09:41:39.0271 4956 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll 09:41:39.0296 4956 Winmgmt - ok 09:41:39.0330 4956 WinRM (01874d4689c212460fbabf0ecd7cb7f7) C:\Windows\system32\WsmSvc.dll 09:41:39.0402 4956 WinRM - ok 09:41:39.0533 4956 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll 09:41:39.0663 4956 Wlansvc - ok 09:41:39.0700 4956 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 09:41:39.0739 4956 WmiAcpi - ok 09:41:39.0771 4956 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe 09:41:39.0804 4956 wmiApSrv - ok 09:41:39.0839 4956 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe 09:41:40.0171 4956 WMPNetworkSvc - ok 09:41:40.0228 4956 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll 09:41:40.0263 4956 WPCSvc - ok 09:41:40.0292 4956 WPDBusEnum (396d406292b0cd26e3504ffe82784702) C:\Windows\system32\wpdbusenum.dll 09:41:40.0368 4956 WPDBusEnum - ok 09:41:40.0427 4956 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 09:41:40.0453 4956 WPFFontCache_v0400 - ok 09:41:40.0610 4956 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 09:41:40.0634 4956 ws2ifsl - ok 09:41:40.0653 4956 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll 09:41:40.0676 4956 wscsvc - ok 09:41:40.0682 4956 WSearch - ok 09:41:40.0749 4956 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll 09:41:41.0076 4956 wuauserv - ok 09:41:41.0345 4956 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 09:41:41.0366 4956 WUDFRd - ok 09:41:41.0374 4956 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll 09:41:41.0403 4956 wudfsvc - ok 09:41:41.0474 4956 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe 09:41:41.0515 4956 YahooAUService - ok 09:41:41.0747 4956 {95808DC4-FA4A-4C74-92FE-5B863F82066B} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\CyberLink\PowerDVD\000.fcl 09:41:41.0760 4956 {95808DC4-FA4A-4C74-92FE-5B863F82066B} - ok 09:41:41.0764 4956 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0 09:41:41.0784 4956 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected 09:41:41.0784 4956 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 09:41:41.0804 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 09:41:41.0804 4956 \Device\Harddisk0\DR0 - detected TDSS File System (1) 09:41:41.0807 4956 Boot (0x1200) (0ed24c7e9e13e5c99a5b0f5f07f4c612) \Device\Harddisk0\DR0\Partition0 09:41:41.0808 4956 \Device\Harddisk0\DR0\Partition0 - ok 09:41:41.0831 4956 Boot (0x1200) (fcada43a43d773a1c758389130c7a04e) \Device\Harddisk0\DR0\Partition1 09:41:41.0832 4956 \Device\Harddisk0\DR0\Partition1 - ok 09:41:41.0833 4956 ============================================================ 09:41:41.0833 4956 Scan finished 09:41:41.0833 4956 ============================================================ 09:41:41.0841 3612 Detected object count: 9 09:41:41.0841 3612 Actual detected object count: 9 09:42:23.0489 3612 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0489 3612 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0490 3612 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0490 3612 FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0491 3612 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0491 3612 FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0492 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0492 3612 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0493 3612 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0493 3612 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0494 3612 WDFME ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0494 3612 WDFME ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0495 3612 WDSC ( UnsignedFile.Multi.Generic ) - skipped by user 09:42:23.0495 3612 WDSC ( UnsignedFile.Multi.Generic ) - User select action: Skip 09:42:23.0582 3612 \Device\Harddisk0\DR0\# - copied to quarantine 09:42:23.0768 3612 \Device\Harddisk0\DR0 - copied to quarantine 09:42:23.0784 3612 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine 09:42:23.0787 3612 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine 09:42:23.0800 3612 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 09:42:23.0893 3612 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 09:42:23.0926 3612 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 09:42:23.0939 3612 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 09:42:23.0953 3612 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 09:42:23.0967 3612 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 09:42:24.0041 3612 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 09:42:24.0085 3612 \Device\Harddisk0\DR0\TDLFS\lsflt7.ver - copied to quarantine 09:42:24.0091 3612 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot 09:42:24.0092 3612 \Device\Harddisk0\DR0 - ok 09:42:24.0771 3612 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure 09:42:24.0772 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 09:42:24.0772 3612 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 09:43:12.0129 4852 Deinitialize success

Results of RogueKiller: RogueKiller V7.3.2 [03/20/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User: Kai [Admin rights] Mode: Scan -- Date: 03/30/2012 07:42:49 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 6 ¤¤¤ [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND [HJ] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 80.79.117.220 search.yahoo.com 80.79.117.220 www.bing.com ¤¤¤ MBR Check: ¤¤¤ Finished : << RKreport[1].txt >> RKreport[1].txt

It did list 5 items under the Registry tab. All 5 were Key Type HJ. The paths were as follows: SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/ClassicStartMenu SOFTWARE/Microsoft/Windows/CurrentVersion/Explorer/HideDesktopIcons/NewStartPanel I was not able to capture the data under 'Values'.

Tried to run RogueKiller three times. Each time the program closed once it started 'Reading MBR...." I removed my external harddrive prior to running the program as instructed. The text of the program failure window: Problem signature: Problem Event Name: APPCRASH Application Name: RogueKiller.exe Application Version: 7.3.2.0 Application Timestamp: 4f6c5752 Fault Module Name: StackHash_d8be Fault Module Version: 6.0.6002.18327 Fault Module Timestamp: 4cb73436 Exception Code: c0000374 Exception Offset: 000b06fc OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: d8be Additional Information 2: c794af452499d25aeda6b84b259f36de Additional Information 3: 11c4 Additional Information 4: 2073a460db91e89da2991f0fb208a945 Problem signature: Problem Event Name: APPCRASH Application Name: RogueKiller.exe Application Version: 7.3.2.0 Application Timestamp: 4f6c5752 Fault Module Name: StackHash_7e76 Fault Module Version: 6.0.6002.18327 Fault Module Timestamp: 4cb73436 Exception Code: c0000374 Exception Offset: 000b06fc OS Version: 6.0.6002.2.2.0.768.3 Locale ID: 1033 Additional Information 1: 7e76 Additional Information 2: 6f899f77992aa57f9def0db50788250f Additional Information 3: f4ba Additional Information 4: 4410e7bcee751616166d8e940d943a18 (did not bother copying the third time)

Per instructions, I've attached the .txt files created by running dds.com after receiving repeated notices that Malwarebytes has blocked IP 208.210.73.29 This has been happening periodically for some time even though I run an AV deep scan daily and have Malwarebytes running all the time and scan with it weekly. Attach.txt DDS.txt