Lorgeo

  1. Everything looks good.....much thanks for the help.
  2. Downloaded Delfix. When attempting to run I get the following: C:\users\sharon\desktop\delfix_10.7.exe "The specified service does not exist as an installed service." Also, there is a red slash and an administrator shield with the red/green/blue/yellow squares.
  3. Everything looks great. What do we need to do to cleanup?
  4. RogueKiller Report:
  5. Here's the rest:
C:\Windows\system32\seclogon.dll06:30:18.0093 0x2acc seclogon - ok06:30:18.0101 0x2acc [ F71BFE7AC6C52273B7C82CBF1BB2A222, 8C7F0E426B266DBBFE4BBE3333A33C338209BD8BE0E434A98D0D2CFD78D3F758 ] Serenum C:\Windows\system32\drivers\serenum.sys06:30:18.0102 0x2acc Serenum - ok06:30:18.0110 0x2acc [ E62FAC91EE288DB29A9696A9D279929C, 9B6A420556532F7F8D55FB6580A592A43BEA579A068B970C741A23DB079ECAD1 ] Serial C:\Windows\system32\drivers\serial.sys06:30:18.0113 0x2acc Serial - ok06:30:18.0119 0x2acc [ A842F04833684BCEEA7336211BE478DF, 9D964AEA237C44898098AC9C2D043F00C66EDA7D73C381D616737C01A9D0FF45 ] sermouse C:\Windows\system32\drivers\sermouse.sys06:30:18.0121 0x2acc sermouse - ok06:30:18.0144 0x2acc [ 14D4B4465193A87C127933978E8C4106, A5C3F2F09E9A0715529B05AC1020EF0F432121E129447795257087E0D6A812FC ] sffdisk C:\Windows\system32\drivers\sffdisk.sys06:30:18.0146 0x2acc sffdisk - ok06:30:18.0152 0x2acc [ 7073AEE3F82F3D598E3825962AA98AB2, 82A959A0970CBA8CC16D44736ED12158E59E138484F3F53EBDD3A4C02DA3700D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys06:30:18.0153 0x2acc sffp_mmc - ok06:30:18.0167 0x2acc [ 35E59EBE4A01A0532ED67975161C7B82, 4F4296B8903FCD06439CC8BF93C703852E523834F09CF9121FDA729A988AF11B ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys06:30:18.0169 0x2acc sffp_sd - ok06:30:18.0175 0x2acc [ 6B7838C94135768BD455CBDC23E39E5F, 868E054ED546479DEAD7C2834C7AB080820522C16F5B4BEF0F3B279A33ABA9C8 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys06:30:18.0176 0x2acc sfloppy - ok06:30:18.0219 0x2acc [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34, 9659C7B5046DE2C0416A74FDE6F798C3E78D38327CB71BAE49D57A8347A9097D ] SharedAccess C:\Windows\System32\ipnathlp.dll06:30:18.0230 0x2acc SharedAccess - ok06:30:18.0286 0x2acc [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] ShellHWDetection C:\Windows\System32\shsvcs.dll06:30:18.0308 0x2acc ShellHWDetection - ok06:30:18.0339 0x2acc [ 7A5DE502AEB719D4594C6471060A78B3, 
E8E16DF8AFFC230FBB1A5938925D464A1BA776184B8C020B37669EE2105DB9F2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys06:30:18.0341 0x2acc SiSRaid2 - ok06:30:18.0348 0x2acc [ 3A2F769FAB9582BC720E11EA1DFB184D, 83EEBCE37E8709FCE15FB44F546C727C56064ED49B73A471EA33480573558419 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys06:30:18.0351 0x2acc SiSRaid4 - ok06:30:18.0448 0x2acc [ A9A27A8E257B45A604FDAD4F26FE7241, C5A1056522EE2BA7B70D34E391477A0E9351569CEF28B875172F4B363F6D4177 ] slsvc C:\Windows\system32\SLsvc.exe06:30:18.0495 0x2acc slsvc - ok06:30:18.0518 0x2acc [ 290B6F6A0EC4FCDFC90F5CB6D7020473, 971888FE760641FF86165B9876E6FC12DBC309C0FED2734C60B9E0EBC078AAE0 ] Smb C:\Windows\system32\DRIVERS\smb.sys06:30:18.0522 0x2acc Smb - ok06:30:18.0537 0x2acc [ F8F47F38909823B1AF28D60B96340CFF, EFD948EE09F22F9F373A98BA6D9BC519FD9244986E4BE7B2BACD92D3C145AD1D ] SNMPTRAP C:\Windows\System32\snmptrap.exe06:30:18.0540 0x2acc SNMPTRAP - ok06:30:18.0552 0x2acc [ 386C3C63F00A7040C7EC5E384217E89D, DD8766BCBD77EC6F67979A8B37B943A3A0E5478CE3FB129BF8FCA29B66529721 ] spldr C:\Windows\system32\drivers\spldr.sys06:30:18.0553 0x2acc spldr - ok06:30:18.0598 0x2acc [ F66FF751E7EFC816D266977939EF5DC3, 689BDD0B442830E162F2F9A8EFBD0E137F518C7F0CD92EDF4A43EFBA188B69F4 ] Spooler C:\Windows\System32\spoolsv.exe06:30:18.0607 0x2acc Spooler - ok06:30:18.0630 0x2acc [ 880A57FCCB571EBD063D4DD50E93E46D, D46BA584D1C33F17C4156127742FA470AA044C4BCE9E6A209E5B1F3A44C73350 ] srv C:\Windows\system32\DRIVERS\srv.sys06:30:18.0642 0x2acc srv - ok06:30:18.0673 0x2acc [ A1AD14A6D7A37891FFFECA35EBBB0730, AE00950D330EE4C05F5AA9BC7E63E974766D8E93B607CB3E683C727E8A65049D ] srv2 C:\Windows\system32\DRIVERS\srv2.sys06:30:18.0678 0x2acc srv2 - ok06:30:18.0687 0x2acc [ 4BED62F4FA4D8300973F1151F4C4D8A7, 1835895B3E837F8862F7F669DFBDF5EAB627E5656377624474C17E92CF440D2A ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys06:30:18.0692 0x2acc srvnet - ok06:30:18.0724 0x2acc [ 192C74646EC5725AEF3F80D19FF75F6A, 
8F24FF139A46B1F837356B9D682526107D7BADCFA510842FEACB6F06C02D93D9 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll06:30:18.0730 0x2acc SSDPSRV - ok06:30:18.0767 0x2acc [ 2EE3FA0308E6185BA64A9A7F2E74332B, EC6A15281685E6CDEADABDFD08C4AF980AD3B404C945EB121D7F90AFCA3D6849 ] SstpSvc C:\Windows\system32\sstpsvc.dll06:30:18.0772 0x2acc SstpSvc - ok06:30:18.0895 0x2acc [ DC4A7A067508470838D2D2336BFEB1E1, F9CFF8A1B60D4A94AA610E1E2CA130E765D640C4BB4B9A51580FF50E09354BE2 ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_4b8037c7\STacSV64.exe06:30:18.0902 0x2acc STacSV - ok06:30:18.0966 0x2acc [ 6299F206F17E34EAD0EF63DAD8CD4272, A37DD618F74F91CB1259A6B1602D9743AAED4C8468B074FF5B50698EFB674E20 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys06:30:18.0978 0x2acc STHDA - ok06:30:19.0040 0x2acc [ 15825C1FBFB8779992CB65087F316AF5, E9431C016D209A7322C0586F11EEF0AB461AB5822960287BB1D0FBC30183614D ] stisvc C:\Windows\System32\wiaservc.dll06:30:19.0056 0x2acc stisvc - ok06:30:19.0127 0x2acc [ 1D0063597C3666404FCF97698ABEB019, 352A63C97F930499BC598C2A398663377D7CCD4A42770E35635C90EDC4DA530A ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe06:30:19.0131 0x2acc stllssvr - ok06:30:19.0153 0x2acc [ 8A851CA908B8B974F89C50D2E18D4F0C, 27EA13E50B5B72ABF6C5B7B7D34A7154A12BB27B1C1B2EEFCAA36A96010DB4DC ] swenum C:\Windows\system32\DRIVERS\swenum.sys06:30:19.0155 0x2acc swenum - ok06:30:19.0201 0x2acc [ 6DE37F4DE19D4EFD9C48C43ADDBC949A, 9C3714238571704CEE2AD4F1E15029243E00B494345C41F74EFDF3F0328CC9EA ] swprv C:\Windows\System32\swprv.dll06:30:19.0238 0x2acc swprv - ok06:30:19.0255 0x2acc [ 2F26A2C6FC96B29BEFF5D8ED74E6625B, 0227EAF144BC35AA4FF2535E8C9974C0609B7634EE45F4166B9F88F79B17BBF1 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys06:30:19.0258 0x2acc Symc8xx - ok06:30:19.0272 0x2acc [ A909667976D3BCCD1DF813FED517D837, 0874DD4C1CA7AE2E519EBB45433BC9F11A574408F5D2F9E23A340CA76512F5CE ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys06:30:19.0274 0x2acc Sym_hi - 
ok06:30:19.0285 0x2acc [ 36887B56EC2D98B9C362F6AE4DE5B7B0, 7349FABACB633A9EEE3D4E241A5F443C28D23CC87F21EAAB3F1711644AA21D7C ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys06:30:19.0287 0x2acc Sym_u3 - ok06:30:19.0313 0x2acc [ 005CE42567F9113A3BCCB3B20073B029, B1831D71410AD6E7DEB59D26BF6D2D07D2F6112936D6A6FDA57E9296ADA4076D ] TabletInputService C:\Windows\System32\TabSvc.dll06:30:19.0317 0x2acc TabletInputService - ok06:30:19.0339 0x2acc [ CC2562B4D55E0B6A4758C65407F63B79, C6AD05B345C699A715EC13830D8EA6EE9822F4B713D15B1F29AC044674A0F498 ] TapiSrv C:\Windows\System32\tapisrv.dll06:30:19.0349 0x2acc TapiSrv - ok06:30:19.0397 0x2acc [ CDBE8D7C1E201B911CDC346D06617FB5, 16D5965E32A109DA38D77F4B6281081569D78371B2F522DE51100967F8776C7A ] TBS C:\Windows\System32\tbssvc.dll06:30:19.0400 0x2acc TBS - ok06:30:19.0464 0x2acc [ EA8623BDD511A1ACD18DA4883860ADDE, A3BE60B3DBFF783111B1AD5D070F376ABFA94D61378D32EDA714E4E90043DE4D ] Tcpip C:\Windows\system32\drivers\tcpip.sys06:30:19.0499 0x2acc Tcpip - ok06:30:19.0541 0x2acc [ EA8623BDD511A1ACD18DA4883860ADDE, A3BE60B3DBFF783111B1AD5D070F376ABFA94D61378D32EDA714E4E90043DE4D ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys06:30:19.0567 0x2acc Tcpip6 - ok06:30:19.0600 0x2acc [ 24D7686A4A0323FB987654BD228C1F39, 46F464BDA89944A4F1DFF61B80FE99819BD98BFF441BACCDDF0429EEB24C5E20 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys06:30:19.0602 0x2acc tcpipreg - ok06:30:19.0638 0x2acc [ 1D8BF4AAA5FB7A2761475781DC1195BC, A28E972E9331BAD685D4C786FDE221565E0AD3E222B24B9182B7FA916BFCD9C8 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys06:30:19.0639 0x2acc TDPIPE - ok06:30:19.0657 0x2acc [ 7F7E00CDF609DF657F4CDA02DD1C9BB1, 42A408E82D4017D27D3B0BBBA02BF4B21DEC060C89849785ED65962D18029B65 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys06:30:19.0659 0x2acc TDTCP - ok06:30:19.0678 0x2acc [ 458919C8C42E398DC4802178D5FFEE27, E38828411DCE0AE2E2BF0D270FD80E47B46EDE4B44DAFD1DF11F54D427EACEB5 ] tdx C:\Windows\system32\DRIVERS\tdx.sys06:30:19.0681 0x2acc tdx - 
ok06:30:19.0705 0x2acc [ 8C19678D22649EC002EF2282EAE92F98, 551E7EBA54C2345F2B7FD7AAA7ADA4C852C94F1B35E6E4BBEF883BAFA34F6262 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys06:30:19.0708 0x2acc TermDD - ok06:30:19.0736 0x2acc [ 5CDD30BC217082DAC71A9878D9BFD566, 260D40973F9EEAE9A1890B813D8DCC01A9434D17DCE5DA1D16B72A57DCF59194 ] TermService C:\Windows\System32\termsrv.dll06:30:19.0747 0x2acc TermService - ok06:30:19.0778 0x2acc [ 56793271ECDEDD350C5ADD305603E963, 7A29407C1C550FF3A6A3544811ABD971E9C760B984A7E64D5A1440C69D6AF483 ] Themes C:\Windows\system32\shsvcs.dll06:30:19.0785 0x2acc Themes - ok06:30:19.0817 0x2acc [ 3CBE4995E80E13CCFBC42E5DCF3AC81A, 18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] THREADORDER C:\Windows\system32\mmcss.dll06:30:19.0819 0x2acc THREADORDER - ok06:30:19.0846 0x2acc [ F4689F05AF472A651A7B1B7B02D200E7, 3D34B8879DBC69013D1A87A3F47B8A622A60B57F2E962E9F5925C5A01F44640F ] TrkWks C:\Windows\System32\trkwks.dll06:30:19.0851 0x2acc TrkWks - ok06:30:19.0901 0x2acc [ 66328B08EF5A9305D8EDE36B93930369, FD8136BF15AB8D2DB15D011C4F813737D68EED1178462DB8CE40606C16185A30 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe06:30:19.0903 0x2acc TrustedInstaller - ok06:30:19.0930 0x2acc [ B2388462329ACD17AF50D8701E0C1B18, 959D7B7CCB526367645BAA11C56C88C9AD741EE338BAD6513C54FC7ED43F3AC0 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys06:30:19.0931 0x2acc tssecsrv - ok06:30:19.0943 0x2acc [ 89EC74A9E602D16A75A4170511029B3C, AACD82A6F5FE31FF1315F5CA69E5EB6BD172DD86610F0641177CCC131B542034 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys06:30:19.0945 0x2acc tunmp - ok06:30:19.0961 0x2acc [ 30A9B3F45AD081BFFC3BCAA9C812B609, 57204F1F72FEFA086FF1D8A14487D56F4DEDD3C50FBB6903E0C4AC749EA720DE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys06:30:19.0963 0x2acc tunnel - ok06:30:19.0979 0x2acc [ FEC266EF401966311744BD0F359F7F56, 6EE0223AEFA7A81BEB155FC0CD4421C2BEBCDCBC9663C23064B0445101114BF8 ] uagp35 
C:\Windows\system32\drivers\uagp35.sys06:30:19.0982 0x2acc uagp35 - ok06:30:20.0011 0x2acc [ FAF2640A2A76ED03D449E443194C4C34, CC2517DCFE6962EB2EDEB93E44CB53B113974C9C69A050E3F36385C8D78E810B ] udfs C:\Windows\system32\DRIVERS\udfs.sys06:30:20.0020 0x2acc udfs - ok06:30:20.0047 0x2acc [ 060507C4113391394478F6953A79EEDC, 5D0AE5F1184165289DC8E8CD493607FCB68512CF90F748E3BFD2250655D784D4 ] UI0Detect C:\Windows\system32\UI0Detect.exe06:30:20.0050 0x2acc UI0Detect - ok06:30:20.0076 0x2acc [ 4EC9447AC3AB462647F60E547208CA00, F304125321B1ECA915EDDBDB6A71EAEF3123DCB5604C9497D72F12E0C1BD5315 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys06:30:20.0079 0x2acc uliagpkx - ok06:30:20.0108 0x2acc [ 697F0446134CDC8F99E69306184FBBB4, A741882B8FE403E3A5DECED5D4A2254B14AF40ACECD4DAA3D00D71C2205C2C5F ] uliahci C:\Windows\system32\drivers\uliahci.sys06:30:20.0115 0x2acc uliahci - ok06:30:20.0144 0x2acc [ 31707F09846056651EA2C37858F5DDB0, A619AC4B32EA77AC29458894614870086C4DDB81525ADBCFF1AB8970FC5C257A ] UlSata C:\Windows\system32\drivers\ulsata.sys06:30:20.0149 0x2acc UlSata - ok06:30:20.0158 0x2acc [ 85E5E43ED5B48C8376281BAB519271B7, DBDA4216553F7C5EA0C579346D0A638E62766D5B8FCB1BFF3149BB37BBF978D3 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys06:30:20.0164 0x2acc ulsata2 - ok06:30:20.0179 0x2acc [ 46E9A994C4FED537DD951F60B86AD3F4, 256F93ED3BD43B50F0D4489164D959F95AB070CC25A80A46355D2B387D336224 ] umbus C:\Windows\system32\DRIVERS\umbus.sys06:30:20.0181 0x2acc umbus - ok06:30:20.0241 0x2acc [ A565B509000BD3E42A9B93B9FFD40D3D, A22734F2DDAAD743D479D40EA91024F1A16A18D9D6C9FC4F90F3930AD040BFA3 ] usbaudio C:\Windows\system32\drivers\usbaudio.sys06:30:20.0244 0x2acc usbaudio - ok06:30:20.0294 0x2acc [ 858CC93477F9A9383E07861892600FF9, C72B25E7F6AF46AC22F8D2A1FA0345B290AAE642442C8A388EA75944334BB289 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys06:30:20.0298 0x2acc usbccgp - ok06:30:20.0315 0x2acc [ 9247F7E0B65852C1F6631480984D6ED2, 
E3360A0EE891B8BADEF5FF53F796C79D6AD218961087F866E451F3B6F278672A ] usbcir C:\Windows\system32\drivers\usbcir.sys06:30:20.0318 0x2acc usbcir - ok06:30:20.0337 0x2acc [ 82C3790E4E6F35087EF00994C7A72988, 95FA022BDAC65DCD2DA52C8FCC1F2C186B321F4599F40CB90262E24FD10AE16C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys06:30:20.0339 0x2acc usbehci - ok06:30:20.0364 0x2acc [ BE2EB33AF6EE2E5DA07EB987E0A321F5, 0FCFABA080C553451AE4FAFB54DFE57639251D97DA204C07EC66F469826F3B46 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys06:30:20.0372 0x2acc usbhub - ok06:30:20.0385 0x2acc [ EBA14EF0C07CEC233F1529C698D0D154, FBA35D53A90FD6C3F91DA5ECE10EF29858CB4CB512AA20548225F83E9FE0A23D ] usbohci C:\Windows\system32\drivers\usbohci.sys06:30:20.0387 0x2acc usbohci - ok06:30:20.0399 0x2acc [ 28B693B6D31E7B9332C1BDCEFEF228C1, 6B756E6D7459F755C76BC3F497643F6818F107304B789952B233C6585434F3A8 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys06:30:20.0401 0x2acc usbprint - ok06:30:20.0430 0x2acc [ C024814884CE9E6C2E6ED76A63AC3B9A, 39C9EB54998547B0B65EEE6391AA326B02C7CA52FAE9CEB98D538FEC8D9F1858 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys06:30:20.0432 0x2acc usbscan - ok06:30:20.0457 0x2acc [ B854C1558FCA0C269A38663E8B59B581, 08CC36B33FA2281FC88671BE051863AA8CA911446D24596049DB77FB4CB09EA6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS06:30:20.0461 0x2acc USBSTOR - ok06:30:20.0480 0x2acc [ 308F6DDC052C970D679DA37D8A305279, E0F4C3C8F27E21C186289B115ECAB771777BC7E848F29D683C53C9F936F30848 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys06:30:20.0482 0x2acc usbuhci - ok06:30:20.0511 0x2acc [ D76E231E4850BB3F88A3D9A78DF191E3, 98CAD31C41AD155EA853DF850D94FA29543C3A7D26262D1B6881281D033CEBAF ] UxSms C:\Windows\System32\uxsms.dll06:30:20.0514 0x2acc UxSms - ok06:30:20.0549 0x2acc [ 294945381DFA7CE58CECF0A9896AF327, 67414C6D79D2826BC86BB37349C9D74DB4B667310CBC1ABFD103E26332AE4A00 ] vds C:\Windows\System32\vds.exe06:30:20.0563 0x2acc vds - ok06:30:20.0592 0x2acc [ 
916B94BCF1E09873FFF2D5FB11767BBC, 072007FED4EF30C4D7AF8628CBEB2AC99EEAD99D7AB533E90E3748E3D4F11C28 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys06:30:20.0593 0x2acc vga - ok06:30:20.0599 0x2acc [ B83AB16B51FEDA65DD81B8C59D114D63, 97D39AA763037752D87216B83896AFD2AD6DFEBB3BCDCED7A9ABFE5706B804C5 ] VgaSave C:\Windows\System32\drivers\vga.sys06:30:20.0602 0x2acc VgaSave - ok06:30:20.0620 0x2acc [ 8294B6C3FDB6C33F24E150DE647ECDAA, FEBD9536EF61F700DFD5D9CB815808C8415D5B23590B3CE17B12D84F4670EA4D ] viaide C:\Windows\system32\drivers\viaide.sys06:30:20.0622 0x2acc viaide - ok06:30:20.0639 0x2acc [ 2B7E885ED951519A12C450D24535DFCA, 249009EBC1D306D51FDFA4A89588462AA2D8B6DF0A20BE250B60DD73200CB7F3 ] volmgr C:\Windows\system32\drivers\volmgr.sys06:30:20.0642 0x2acc volmgr - ok06:30:20.0677 0x2acc [ CEC5AC15277D75D9E5DEC2E1C6EAF877, EA989E257C4409F9AF3B35C4D7ED9134D930FE3733B077C4F3AA5497796F2CB0 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys06:30:20.0688 0x2acc volmgrx - ok06:30:20.0712 0x2acc [ 582F710097B46140F5A89A19A6573D4B, 6F695B17BF476D027D3012352F3D4DFD0E0815823DA51A136767ECEF6D64A1CA ] volsnap C:\Windows\system32\drivers\volsnap.sys06:30:20.0720 0x2acc volsnap - ok06:30:20.0745 0x2acc [ A68F455ED2673835209318DD61BFBB0E, 8B2B255E8E2F8B415F7AC0F7F4C423F639DD47737F7CEE0F7C816D9A6893C5F7 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys06:30:20.0750 0x2acc vsmraid - ok06:30:20.0819 0x2acc [ B75232DAD33BFD95BF6F0A3E6BFF51E1, A8120040F144AD42A39347A615F31BF752634994D4D134E2FAD23FEA9C1D71DF ] VSS C:\Windows\system32\vssvc.exe06:30:20.0856 0x2acc VSS - ok06:30:20.0880 0x2acc [ F14A7DE2EA41883E250892E1E5230A9A, EBCB74BE26437F6FE84A3B41AD034F451D4BD12CA77D4C7A433DB912E7D31593 ] W32Time C:\Windows\system32\w32time.dll06:30:20.0891 0x2acc W32Time - ok06:30:20.0922 0x2acc [ FEF8FE5923FEAD2CEE4DFABFCE3393A7, D682FBF78CF987609AF35A019E7C90CBE02800D7DFC272FFDD71D82AA362FA7A ] WacomPen C:\Windows\system32\drivers\wacompen.sys06:30:20.0923 0x2acc WacomPen - ok06:30:20.0943 0x2acc [ 
B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys06:30:20.0946 0x2acc Wanarp - ok06:30:20.0952 0x2acc [ B8E7049622300D20BA6D8BE0C47C0CFD, 57CF218D1F7D505E354A15C552D94E3C5A68C2B07D7A76EBB0C87A0BFF5772D9 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys06:30:20.0954 0x2acc Wanarpv6 - ok06:30:20.0960 0x2acc [ 0C17A0816F65B89E362E682AD5E7266E, 6233213D07B234056A1EC6FE1166A65371645269132B428FF3A29DDC0000301A ] Wd C:\Windows\system32\drivers\wd.sys06:30:20.0962 0x2acc Wd - ok06:30:21.0004 0x2acc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys06:30:21.0024 0x2acc Wdf01000 - ok06:30:21.0063 0x2acc [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiServiceHost C:\Windows\system32\wdi.dll06:30:21.0067 0x2acc WdiServiceHost - ok06:30:21.0073 0x2acc [ C5EFDA73EBFCA8B02A094898DE0A9276, DE54E06CBE20EB27D88B29C3AE19CDFA0AE4933D6DCD640912C74A1065C9391C ] WdiSystemHost C:\Windows\system32\wdi.dll06:30:21.0077 0x2acc WdiSystemHost - ok06:30:21.0103 0x2acc [ BD9A749F36710FFA02E0E530F7451936, B57A80CA9D689C0122771205F16E1458BEAC7A68B9C2B492FE5EF329FD0DFAFE ] Wecsvc C:\Windows\system32\wecsvc.dll06:30:21.0111 0x2acc Wecsvc - ok06:30:21.0139 0x2acc [ 9C980351D7E96288EA0C23AE232BD065, BA627B04C4259716B451F421F5310A69D8DE9407DE496AA0489139125E9DC16A ] wercplsupport C:\Windows\System32\wercplsupport.dll06:30:21.0144 0x2acc wercplsupport - ok06:30:21.0169 0x2acc [ 66B9ECEBC46683F47EDC06333C075FEF, 35C33596D97DB65DE0A687644E9AD924AD5FCBAFD83FE4D23E7E58EF4BC4CC87 ] WerSvc C:\Windows\System32\WerSvc.dll06:30:21.0174 0x2acc WerSvc - ok06:30:21.0204 0x2acc WinDefend - ok06:30:21.0210 0x2acc WinHttpAutoProxySvc - ok06:30:21.0279 0x2acc [ D2E7296ED1BD26D8DB2799770C077A02, B494719C2DEB7B9D2505866868143C4E4F59B88461920AA49BD9F1251B6571B8 ] 
Winmgmt C:\Windows\system32\wbem\WMIsvc.dll06:30:21.0286 0x2acc Winmgmt - ok06:30:21.0378 0x2acc [ 42717DB2BE3A075D0F0CD5C927C27A43, 7CC116B2F6F2911E05A1E7AAE790D2D75F388438AF050B1A7E7C595ABF5F16A4 ] WinRM C:\Windows\system32\WsmSvc.dll06:30:21.0421 0x2acc WinRM - ok06:30:21.0482 0x2acc [ 7F2F9E48566B2087F2AAAD258CB2A8D4, E6A34DF879F6D9F24C8CE5F131B4A104BCDF8720B0F4C6211FF4C9BD567EFB77 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.SYS06:30:21.0484 0x2acc WinUsb - ok06:30:21.0525 0x2acc [ EC339C8115E91BAED835957E9A677F16, 3BBE6D4F1731198E8F0CFEE67C4CCA5C31E6968F8E02EF9E029C1847A26F513B ] Wlansvc C:\Windows\System32\wlansvc.dll06:30:21.0550 0x2acc Wlansvc - ok06:30:21.0567 0x2acc [ E18AEBAAA5A773FE11AA2C70F65320F5, 9E2F6FC0F46D0EEEBF4BC1E3D8800B3D268079ABF8EDDD70CD21B789883D7390 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys06:30:21.0568 0x2acc WmiAcpi - ok06:30:21.0598 0x2acc [ 21FA389E65A852698B6A1341F36EE02D, 2D60911EAAE26C4CE3DEF4FAD1EDE093F912209AA90741AAA8B93F06B37DF605 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe06:30:21.0605 0x2acc wmiApSrv - ok06:30:21.0628 0x2acc WMPNetworkSvc - ok06:30:21.0659 0x2acc [ CBC156C913F099E6680D1DF9307DB7A8, FD8B227F445679E31048CA41442A978A98F267FED96E22C235F63C72AEEE2AB0 ] WPCSvc C:\Windows\System32\wpcsvc.dll06:30:21.0666 0x2acc WPCSvc - ok06:30:21.0689 0x2acc [ 6329D1990DB931073B86AB5946D8E317, F33581D21659A274BF5C0762E24A7DBEEB6380AB6ED0FACD76F1BD2858C4DA49 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys06:30:21.0692 0x2acc WpdUsb - ok06:30:21.0707 0x2acc [ 8A900348370E359B6BFF6A550E4649E1, 3EAD0B951EAF8E940ED6A79FAAAB7D22ACCF3985795F80206A3A07161D319B39 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys06:30:21.0709 0x2acc ws2ifsl - ok06:30:21.0735 0x2acc [ 9EA3E6D0EF7A5C2B9181961052A4B01A, F39BAF1FC7DD1600C0052C2A6AA3BCBC8CA3DA96D1AC7B42B0F2810D051EE1B0 ] wscsvc C:\Windows\system32\wscsvc.dll06:30:21.0739 0x2acc wscsvc - ok06:30:21.0744 0x2acc WSearch - ok06:30:21.0830 0x2acc [ D9EF901DCA379CFE914E9FA13B73B4C4, 
3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll06:30:21.0893 0x2acc wuauserv - ok06:30:21.0922 0x2acc [ 501A65252617B495C0F1832F908D54D8, CB18A80EAB2F23579D1D38B12CD04CF579C6D0B73127A1E88305CC0488D40B2C ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys06:30:21.0926 0x2acc WUDFRd - ok06:30:21.0954 0x2acc [ 6CBD51FF913C851D56ED9DC7F2A27DDE, 736C66A944F3D37464052211B2728AD53D31CB631CD33B9E094C00D76BF17399 ] wudfsvc C:\Windows\System32\WUDFSvc.dll06:30:21.0958 0x2acc wudfsvc - ok06:30:21.0963 0x2acc ================ Scan global ===============================06:30:21.0997 0x2acc [ 060DC3A7A9A2626031EB23D90151428D, 4AADA06E83603E9D4894D6CFC8DADB018307B384F438C809D4BC8E22BD937C3B ] C:\Windows\system32\basesrv.dll06:30:22.0032 0x2acc [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll06:30:22.0056 0x2acc [ D665D594B7E11133D29D726BDDC7A5B0, 8EE45E719ACB23F388F2BE7E4311588E90DE7CF50988927CF0FED36DE380FACB ] C:\Windows\system32\winsrv.dll06:30:22.0110 0x2acc [ 934E0B7D77FF78C18D9F8891221B6DE3, BB1ACD3CD6482D8B7C5931E8733B8094D2CE59C4FBC4012BD0799C8DC367FB74 ] C:\Windows\system32\services.exe06:30:22.0122 0x2acc [ Global ] - ok06:30:22.0122 0x2acc ================ Scan MBR ==================================06:30:22.0146 0x2acc [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR006:30:22.0371 0x2acc \Device\Harddisk0\DR0 - ok06:30:22.0371 0x2acc ================ Scan VBR ==================================06:30:22.0374 0x2acc [ 3E312F46E1CE63EF6FA0360C4F3A6239 ] \Device\Harddisk0\DR0\Partition106:30:22.0405 0x2acc \Device\Harddisk0\DR0\Partition1 - ok06:30:22.0408 0x2acc [ 485FF70FFCF07181594FB446573B4C20 ] \Device\Harddisk0\DR0\Partition206:30:22.0446 0x2acc \Device\Harddisk0\DR0\Partition2 - ok06:30:22.0446 0x2acc ================ Scan generic autorun ======================06:30:22.0473 0x2acc [ 64951155A608D063CC57716EB6918279, 
9384A1F5E087AFD16D6AA5DAC7695FD1C03AD8F9958D25BFB474FAF12418ED93 ] C:\Windows\system32\WpcUmi.exe06:30:22.0480 0x2acc WPCUMI - ok06:30:22.0579 0x2acc [ 569AC1376B12D4083FC66CC7A304F234, DD209F09573F10A77D710E30EF3D0461D2E8F4E5F18106B18EFB587C88393460 ] C:\Program Files\Microsoft Security Client\msseces.exe06:30:22.0609 0x2acc MSC - ok06:30:22.0612 0x2acc SysTrayApp - ok06:30:22.0673 0x2acc [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe06:30:22.0687 0x2acc mcui_exe - ok06:30:22.0772 0x2acc [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe06:30:22.0795 0x2acc Adobe ARM - ok06:30:22.0872 0x2acc [ DAC9B43BBFA0359E252DDB0CB91DEA6D, 2A109ABECF757567735C439663ED618B49EF7749ABEE6AEF8A100B2028C31A38 ] C:\Program Files (x86)\Dell\Dell Webcam Manager\DellWMgr.exe06:30:22.0875 0x2acc DELL Webcam Manager - ok06:30:22.0930 0x2acc [ EE1111977B9995D5E8CBB72C0591EA0E, E96503B78041412EEBE639FFCFBEF81EF900EA5AA4D8D8744CF5711007CEDF56 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe06:30:22.0932 0x2acc APSDaemon - ok06:30:23.0007 0x2acc [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe06:30:23.0018 0x2acc QuickTime Task - ok06:30:23.0084 0x2acc [ 225518F190EDBC37CA32197A3E94B498, 9208BDEFCF6DC18291C74C147DC17061FC8C040E068D4D4020E8E2AE64CF99BB ] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe06:30:23.0092 0x2acc TkBellExe - ok06:30:23.0109 0x2acc [ 04679E0DC30077EC1164BE82F2A2ADC9, E0193F0AE484DED0DD7F81407F0D98AC071F34358B9EA554DE3ADFC3BA1CBD60 ] C:\Program Files\McAfee.com\Agent\mcagent.exe06:30:23.0118 0x2acc mcpltui_exe - ok06:30:23.0171 0x2acc [ 085BE68B52CE5A5FA4621507AD518CF3, 
A1761157760F68FE00F34B0182D1D8629EFE7753F4582C6F5ECD422627A8489E ] C:\Program Files (x86)\iTunes\iTunesHelper.exe06:30:23.0176 0x2acc iTunesHelper - ok06:30:23.0307 0x2acc [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe06:30:23.0334 0x2acc Sidebar - ok06:30:23.0397 0x2acc [ 3609A9830FB127EE1066EA7A744DC479, 78D4223937DC2E6FA28C32459F059A02D1BE0DCB7A49E3CF14FF350A9DC4AF0A ] C:\Program Files (x86)\Microsoft Money\System\Money Express.exe06:30:23.0401 0x2acc MoneyAgent - ok06:30:23.0466 0x2acc [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe06:30:23.0467 0x2acc swg - ok06:30:23.0585 0x2acc [ C13B42E5692C98A2660135E4BEB26A1A, 13E5B4BEAE604BDCD514A6A960D9FBC5927A8AD1BB1BD0EA0049BA1B7165D939 ] C:\Users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe06:30:23.0610 0x2acc SansaDispatch - ok06:30:23.0669 0x2acc [ 65437DAD4F238EA9549408A783002222, 756C846C2DD8209E9161C2DD701E46DF73E1C757F2B66CAE7A579ADF8EF7E000 ] C:\Windows\ehome\ehTray.exe06:30:23.0673 0x2acc ehTray.exe - ok06:30:23.0740 0x2acc [ 2204A26AC363ABD5CE37461A36637807, 61B3F07CB7376872999871521B5B0E585FFCC100FF6515BF187AD676D1C3B621 ] C:\ProgramData\sysiwp\sysiwp.exe06:30:23.0771 0x2acc sysiwp - ok06:30:23.0838 0x2acc [ 9C5A0F070196B601D629F5BA9AA921F8, BB77BAD24B44A3CB32CD1FACB758E347BE2F5C49C11E494797635D741867AF2B ] C:\Program Files\Windows Sidebar\sidebar.exe06:30:23.0865 0x2acc Sidebar - ok06:30:23.0895 0x2acc [ 9ACCBC5891BA51B5B29C1A88F80D4CE3, 4EA3D9CB239874232AE0D7F824AF8CC7AD9BB4657CB9978B41067B4447FBE71B ] C:\Program Files (x86)\QuickTime\QTTask.exe06:30:23.0902 0x2acc QuickTime Task - ok06:30:23.0904 0x2acc Waiting for KSN requests completion. In queue: 31306:30:24.0904 0x2acc Waiting for KSN requests completion. 
In queue: 31306:30:25.0904 0x2acc Waiting for KSN requests completion. In queue: 31306:30:26.0904 0x2acc Waiting for KSN requests completion. In queue: 31306:30:28.0092 0x2acc AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled : outofdate )06:30:28.0093 0x2acc AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.5.216.0 ), 0x61000 ( enabled : updated )06:30:28.0095 0x2acc FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 12.8.0.0 ), 0x52010 ( disabled )06:30:28.0188 0x2acc Win FW state via NFP2: enabled06:30:30.0647 0x2acc ============================================================06:30:30.0647 0x2acc Scan finished06:30:30.0647 0x2acc ============================================================06:30:30.0656 0x1774 Detected object count: 006:30:30.0657 0x1774 Actual detected object count: 0
  6. Here is the first 1/2 of the report. (post was too long) No threats were found.
06:29:21.0559 0x2668 TDSS rootkit removing tool 3.0.0.39 Jun 5 2014 20:35:54
06:29:40.0519 0x2668 ============================================================
06:29:40.0519 0x2668 Current date / time: 2014/06/08 06:29:40.0519
06:29:40.0519 0x2668 SystemInfo:
06:29:40.0519 0x2668
06:29:40.0519 0x2668 OS Version: 6.0.6002 ServicePack: 2.0
06:29:40.0519 0x2668 Product type: Workstation
06:29:40.0520 0x2668 ComputerName: SHARON-PC
06:29:40.0520 0x2668 UserName: Sharon
06:29:40.0520 0x2668 Windows directory: C:\Windows
06:29:40.0520 0x2668 System windows directory: C:\Windows
06:29:40.0520 0x2668 Running under WOW64
06:29:40.0520 0x2668 Processor architecture: Intel x64
06:29:40.0520 0x2668 Number of processors: 4
06:29:40.0520 0x2668 Page size: 0x1000
06:29:40.0520 0x2668 Boot type: Normal boot
06:29:40.0520 0x2668 ============================================================
06:29:40.0822 0x2668 KLMD registered as C:\Windows\system32\drivers\20314002.sys
06:29:41.0416 0x2668 System UUID: {0D6D4161-6539-CD1D-1ED9-C70EB82C9E8F}
06:29:43.0826 0x2668 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:29:43.0834 0x2668 ============================================================
06:29:43.0834 0x2668 \Device\Harddisk0\DR0:
06:29:43.0834 0x2668 MBR partitions:
06:29:43.0834 0x2668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
06:29:43.0834 0x2668 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x48A38000
06:29:43.0834 0x2668 ============================================================
06:29:43.0840 0x2668 C: <-> \Device\Harddisk0\DR0\Partition2
06:29:43.0870 0x2668 D: <-> \Device\Harddisk0\DR0\Partition1
06:29:43.0870 0x2668 ============================================================
06:29:43.0870 0x2668 Initialize success
06:29:43.0870 0x2668 ============================================================
06:29:54.0180 0x2acc ============================================================
06:29:54.0180 0x2acc Scan started
06:29:54.0180 0x2acc Mode: Manual;
06:29:54.0181 0x2acc ============================================================
06:29:54.0181 0x2acc KSN ping started
06:30:02.0571 0x2acc KSN ping finished: true
06:30:03.0500 0x2acc ================ Scan system memory ========================
06:30:03.0500 0x2acc System memory - ok
06:30:03.0500 0x2acc ================ Scan services =============================
18B0E3E83E41C80809E8140F4C90AB051566C84DD891EA411746EA74E6EAF053 ] MMCSS C:\Windows\system32\mmcss.dll06:30:13.0152 0x2acc MMCSS - ok06:30:13.0186 0x2acc [ 59848D5CC74606F0EE7557983BB73C2E, EA6ACF0619DE1E4272AEDC69F2E66E29DA499E8E8094243C9EF735FD8369229D ] Modem C:\Windows\system32\drivers\modem.sys06:30:13.0187 0x2acc Modem - ok06:30:13.0212 0x2acc [ C247CC2A57E0A0C8C6DCCF7807B3E9E5, 357811D1B8F70828F6432879F59DAB916FBB55673B3473D879382DE33CFB3FAF ] monitor C:\Windows\system32\DRIVERS\monitor.sys06:30:13.0214 0x2acc monitor - ok06:30:13.0230 0x2acc [ 9367304E5E412B120CF5F4EA14E4E4F1, F87EBACEE27A50E6610FDCB4BD3001C35A99FEE6D63D643FF2CBF0D484CD082C ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys06:30:13.0233 0x2acc mouclass - ok06:30:13.0282 0x2acc [ C2C2BD5C5CE5AAF786DDD74B75D2AC69, B77E4A7511923E7BD35A177A40B4E461AC9CB050D6F0575D4799DEF85DA6DA38 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys06:30:13.0284 0x2acc mouhid - ok06:30:13.0305 0x2acc [ 11BC9B1E8801B01F7F6ADB9EAD30019B, 1BAF820C0AB1B70A114E767B2155A58BF86CD0D9CF582813C1635A86BE3A7A05 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys06:30:13.0308 0x2acc MountMgr - ok06:30:13.0358 0x2acc [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe06:30:13.0361 0x2acc MozillaMaintenance - ok06:30:13.0426 0x2acc [ 9EB89625A82AC961F25E7C865947BF9A, 91DB9530CDE883DC60BE621AC4210ACD069631D9466E37411D9D6AEE587098D9 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys06:30:13.0441 0x2acc MpFilter - ok06:30:13.0463 0x2acc [ F8276EB8698142884498A528DFEA8478, C0FF504F721F1D00F42CFE783D4F32C6728518F64646F5C5C11BA3A4824815BB ] mpio C:\Windows\system32\drivers\mpio.sys06:30:13.0467 0x2acc mpio - ok06:30:13.0491 0x2acc [ C92B9ABDB65A5991E00C28F13491DBA2, D1233381A9E4262F0AB396BBDB7DE402D4370805E11EB8A118C846F6E9474098 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys06:30:13.0495 
0x2acc mpsdrv - ok06:30:13.0542 0x2acc [ 897E3BAF68BA406A61682AE39C83900C, 13F61D5C22BED061BE7C2669CCCAA2BAD4A0CE83800DF57A50306DE0A476FC27 ] MpsSvc C:\Windows\system32\mpssvc.dll06:30:13.0559 0x2acc MpsSvc - ok06:30:13.0584 0x2acc [ 3C200630A89EF2C0864D515B7A75802E, AA4A312E7A28FCE7A944747BADB809CAAD3D67899EBBE663D473621DB25B140A ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys06:30:13.0586 0x2acc Mraid35x - ok06:30:13.0601 0x2acc [ 7C1DE4AA96DC0C071611F9E7DE02A68D, 8B248A82324FB23C64D41FA91BCC22093DE44C48D688E5995C484A7072A6EC08 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys06:30:13.0605 0x2acc MRxDAV - ok06:30:13.0614 0x2acc [ 1485811B320FF8C7EDAD1CAEBB1C6C2B, 9F157AAA1A793EF7E52817E4126B774C17FFA0036DADCF10A024FDC068F94F67 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys06:30:13.0618 0x2acc mrxsmb - ok06:30:13.0647 0x2acc [ 3B929A60C833FC615FD97FBA82BC7632, 40EEBEB43F42A1A37FAA529E0C21984426F90C1EEFE1EF9BB2F696164595F91D ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys06:30:13.0655 0x2acc mrxsmb10 - ok06:30:13.0663 0x2acc [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3, 197F70E24D2BBDEC35C2D5BC442267ACC4C5AE3FD5BB30A0928976BE9758C942 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys06:30:13.0666 0x2acc mrxsmb20 - ok06:30:13.0687 0x2acc [ 730B784962D22D2C6481EAE2370E7C8C, D797363808125247CFCE49E5E427193B95292260B70CDB882331CD9F58F8979B ] msahci C:\Windows\system32\drivers\msahci.sys06:30:13.0689 0x2acc msahci - ok06:30:13.0696 0x2acc [ 264BBB4AAF312A485F0E44B65A6B7202, 1DF36540C77D5D885B6C2EE91F0446864D8E6D6CFED87A9ED0765E76FE05E102 ] msdsm C:\Windows\system32\drivers\msdsm.sys06:30:13.0700 0x2acc msdsm - ok06:30:13.0738 0x2acc [ 7EC02CE772F068ED0BEAFA3DA341A9BC, 3B5B4EA0BF1D1E57F4DF74A569304A5EE41821F5E2F352760B8C9CA82C6D8292 ] MSDTC C:\Windows\System32\msdtc.exe06:30:13.0743 0x2acc MSDTC - ok06:30:13.0770 0x2acc [ 704F59BFC4512D2BB0146AEC31B10A7C, F7712944DDC192C47953D577BE31B79B4D11217305B1C3D0DCA31B1518CB8DCB ] Msfs 
C:\Windows\system32\drivers\Msfs.sys06:30:13.0772 0x2acc Msfs - ok06:30:13.0814 0x2acc [ 00EBC952961664780D43DCA157E79B27, 4F8F5718D8574A128E0F6CD54C9BE59A93A7638A5689A8FF68D0C81D3E67808F ] msisadrv C:\Windows\system32\drivers\msisadrv.sys06:30:13.0816 0x2acc msisadrv - ok06:30:13.0845 0x2acc [ 366B0C1F4478B519C181E37D43DCDA32, A98E2BC397FAD7D90653F55AC283CACAE7465D7F10A198D715046B1D896AF246 ] MSiSCSI C:\Windows\system32\iscsiexe.dll06:30:13.0850 0x2acc MSiSCSI - ok06:30:13.0855 0x2acc msiserver - ok06:30:13.0905 0x2acc [ 0EA73E498F53B96D83DBFCA074AD4CF8, E3DDE34FCFF272E06CD8DA836F8D79E2515885715D4A7CD7BF8D97D7A4E0E781 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys06:30:13.0907 0x2acc MSKSSRV - ok06:30:13.0980 0x2acc [ 89F2AEDC2788696702141AB82C3E7866, E166CBD8D3C708737C37172221945D8E56C25C2CC750889C3CE14AA2DE750F33 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe06:30:13.0982 0x2acc MsMpSvc - ok06:30:14.0000 0x2acc [ 52E59B7E992A58E740AA63F57EDBAE8B, A89F607B330BA1F42CA9FF01EF289BBD088350CF376568E58CB9865F1DA6CD72 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys06:30:14.0001 0x2acc MSPCLOCK - ok06:30:14.0007 0x2acc [ 49084A75BAE043AE02D5B44D02991BB2, 4CD2692D191035CE9D18F4D21F054FF8C3F9CF2734464EA33EAB480A28AD447F ] MSPQM C:\Windows\system32\drivers\MSPQM.sys06:30:14.0008 0x2acc MSPQM - ok06:30:14.0034 0x2acc [ DC6CCF440CDEDE4293DB41C37A5060A5, 768D08A67508E1CE69B67642A5E5A639C0DD1E93C956C56ECC5A56B0E502C953 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys06:30:14.0040 0x2acc MsRPC - ok06:30:14.0069 0x2acc [ 855796E59DF77EA93AF46F20155BF55B, 75DFCEE16A9D94EDF74295B9686D92552817E8A00958917CB0E17089EDCF6A97 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys06:30:14.0071 0x2acc mssmbios - ok06:30:14.0076 0x2acc [ 86D632D75D05D5B7C7C043FA3564AE86, 96911FBC106B91E76598EE110B5147D4C55E42C9194E857F866B6B395E78D2CB ] MSTEE C:\Windows\system32\drivers\MSTEE.sys06:30:14.0078 0x2acc MSTEE - ok06:30:14.0090 0x2acc [ 0CC49F78D8ACA0877D885F149084E543, 
984DDCB52F0DFC1B26C6504FE500E8D9C2CA7F79ED34608AE9866A0915B8BA67 ] Mup C:\Windows\system32\Drivers\mup.sys06:30:14.0093 0x2acc Mup - ok06:30:14.0134 0x2acc [ A5B10C845E7538C60C0F5D87A57CB3F5, 2B4E16702591C59BC2CA2B99DBB504BAB4F4EF0835B0D9C7453D340CBF0BDF16 ] napagent C:\Windows\system32\qagentRT.dll06:30:14.0144 0x2acc napagent - ok06:30:14.0191 0x2acc [ 2007B826C4ACD94AE32232B41F0842B9, 6267D165C3C8C5F83194890A6DBF71226D4B891AECD1D06F7AEB5D738C3DC9CA ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys06:30:14.0204 0x2acc NativeWifiP - ok06:30:14.0269 0x2acc [ 65950E07329FCEE8E6516B17C8D0ABB6, 4429D9FF9B6E376D28D8FA4906B7554DF566EC23E455E3166C496B579622F204 ] NDIS C:\Windows\system32\drivers\ndis.sys06:30:14.0288 0x2acc NDIS - ok06:30:14.0316 0x2acc [ 64DF698A425478E321981431AC171334, C43177CB60F5D58E1FF7A31E9BE5DA7D92C4B25235867DD65BADC069EDF023F3 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys06:30:14.0318 0x2acc NdisTapi - ok06:30:14.0323 0x2acc [ 8BAA43196D7B5BB972C9A6B2BBF61A19, 8AFFB26F6E8CF67F562818BBFE12FB448E4FCDF9B68858B625681565DE30DDC1 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys06:30:14.0325 0x2acc Ndisuio - ok06:30:14.0344 0x2acc [ F8158771905260982CE724076419EF19, B86FFA790A30ED614A11C87F4D738C913EFC0924DC14750D544001D4E9556071 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys06:30:14.0348 0x2acc NdisWan - ok06:30:14.0367 0x2acc [ 9CB77ED7CB72850253E973A2D6AFDF49, C3C15B317A7F7AE68B7BC62343962C47F075240F252727811DB4BEE443F9103F ] NDProxy C:\Windows\system32\drivers\NDProxy.sys06:30:14.0369 0x2acc NDProxy - ok06:30:14.0372 0x2acc Net CLR - ok06:30:14.0387 0x2acc [ A499294F5029A7862ADC115BDA7371CE, 6BE0AAFE4EB59E056A929D6C1A009D8DFD547025481108CEFB12E5D6F86DBE14 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys06:30:14.0389 0x2acc NetBIOS - ok06:30:14.0401 0x2acc [ FC2C792EBDDC8E28DF939D6A92C83D61, 9EDF8B56E2B47C31457074DA371B604E5F7EB2B3B5CD4688CBEEDD5B266D119B ] netbt C:\Windows\system32\DRIVERS\netbt.sys06:30:14.0407 0x2acc netbt - 
ok06:30:14.0421 0x2acc [ 260BF9C43EE12C6898A9F5AAB0FB0E5D, 6585A87CE55EE5C51B18DF86E8EDFC6A909D96C87522FF4183F8BA9355E8DD44 ] Netlogon C:\Windows\system32\lsass.exe06:30:14.0423 0x2acc Netlogon - ok06:30:14.0491 0x2acc [ 9B63B29DEFC0F3115A559D2597BF5D75, 297319D3F2E97CB34464EA59D8FD96AC2B8B1A4F2AEE666937F16A041128021F ] Netman C:\Windows\System32\netman.dll06:30:14.0514 0x2acc Netman - ok06:30:14.0560 0x2acc [ 74751DDA198165947FD7454D83F49825, 24639B7E71D77999762BDDC65696E1EB868165C03C64278A6176B4505D0EEBB5 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe06:30:14.0564 0x2acc NetTcpPortSharing - ok06:30:14.0584 0x2acc [ 4AC08BD6AF2DF42E0C3196D826C8AEA7, 8D7DE921E14BAF09D7E2704CFB2FB1C8A78A46DAF86CDF7A347C5D113A8C110B ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys06:30:14.0586 0x2acc nfrd960 - ok06:30:14.0605 0x2acc [ C3E0696C3B42F694C5822776AA6FFFDF, 80C3DEC2C48500F96C9E677450EFC1ADA9FE9FBB70F4CC2D7D9244B1A515418B ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys06:30:14.0610 0x2acc NisDrv - ok06:30:14.0642 0x2acc [ DCEE3592299B2229A0DB98CB415059A2, 709AAA095DF44DDCB6159CE1635AB05EC666D845445790E569F56B297DC64AC3 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe06:30:14.0651 0x2acc NisSrv - ok06:30:14.0672 0x2acc [ F145BF4C4668E7E312069F81EF847CFC, C4926EFB41FE2813E90D83456C6CB8F3157D835391B443C7E26168F4E1D67DC7 ] NlaSvc C:\Windows\System32\nlasvc.dll06:30:14.0677 0x2acc NlaSvc - ok06:30:14.0697 0x2acc [ B298874F8E0EA93F06EC40AA8D146478, 275D769E5EFD3153985DAF84C5B22B9D65428E09AB41099901ABDD03B3A2625D ] Npfs C:\Windows\system32\drivers\Npfs.sys06:30:14.0698 0x2acc Npfs - ok06:30:14.0755 0x2acc [ ACB62BAA1C319B17752553DF3026EEEB, 5A309DF390A097245250BB64AD5F8575BECA601E0A122DDCB494C67D3D9EA089 ] nsi C:\Windows\system32\nsisvc.dll06:30:14.0757 0x2acc nsi - ok06:30:14.0769 0x2acc [ 1523AF19EE8B030BA682F7A53537EAEB, B000630CE4B562D39B5EE4148409B2E01D8924D33D27607B24ADC901357E7AA5 ] nsiproxy 
C:\Windows\system32\drivers\nsiproxy.sys06:30:14.0771 0x2acc nsiproxy - ok06:30:14.0839 0x2acc [ 2ACCAA3C3C55370A32F17B3595E1A217, 8539A293A5E1EBA2CC0FA9E999099D3B6B035D41069398AE17D737BBE4D9FEA8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys06:30:14.0867 0x2acc Ntfs - ok06:30:14.0891 0x2acc [ DD5D684975352B85B52E3FD5347C20CB, BB03C50D5178643550C024130E20FD9A023AE110B3C85A2D6E18FB8DBB3A12E4 ] Null C:\Windows\system32\drivers\Null.sys06:30:14.0892 0x2acc Null - ok06:30:14.0908 0x2acc [ 2C040B7ADA5B06F6FACADAC8514AA034, EF32F7C411090230ED1D95B2D01E8464DCC89D72EFD94BBC8DF6856D00B1A783 ] nvraid C:\Windows\system32\drivers\nvraid.sys06:30:14.0913 0x2acc nvraid - ok06:30:14.0932 0x2acc [ F7EA0FE82842D05EDA3EFDD376DBFDBA, 0ED0543A5331C0D8BBFD1BE3174482ED1B3EE70CA41CE8CE5C81977C37B3D129 ] nvstor C:\Windows\system32\drivers\nvstor.sys06:30:14.0935 0x2acc nvstor - ok06:30:14.0953 0x2acc [ 19067CA93075EF4823E3938A686F532F, 81339372E90CE9E2594461146A82B62452CF9DB3FF53381D30F6922059EDCF99 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys06:30:14.0957 0x2acc nv_agp - ok06:30:15.0047 0x2acc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE06:30:15.0058 0x2acc odserv - ok06:30:15.0114 0x2acc [ E52479B03A57DC3D4BABD9C5536C94D6, 1F007C8396F9703D8B921E7A78FE5CFBAECD1396FD9C91FD726D6056F3235D24 ] OEM05Afx C:\Windows\system32\Drivers\OEM05Afx.sys06:30:15.0120 0x2acc OEM05Afx - ok06:30:15.0148 0x2acc [ 766F689564BC30E5A91F8621CE65AD68, CC98437AC8F6CF2F25331878075E1DEAF79526E82D89840BA86623F559528EDF ] OEM05Vfx C:\Windows\system32\DRIVERS\OEM05Vfx.sys06:30:15.0149 0x2acc OEM05Vfx - ok06:30:15.0174 0x2acc [ 859F850A4FD021A66493D18CBA847792, E519760DCE2D797C1B2CB1F00B9E7A409C07D57EEFBB98D4F90BE48791B10523 ] OEM05Vid C:\Windows\system32\DRIVERS\OEM05Vid.sys06:30:15.0196 0x2acc OEM05Vid - ok06:30:15.0222 0x2acc [ B5B1CE65AC15BBD11C0619E3EF7CFC28, 
E9AA27724A7576D1869FF861A498DB8AF79A7B297F10272F1D63E6CB88CD455B ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys06:30:15.0225 0x2acc ohci1394 - ok06:30:15.0260 0x2acc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE06:30:15.0265 0x2acc ose - ok06:30:15.0320 0x2acc [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2pimsvc C:\Windows\system32\p2psvc.dll06:30:15.0343 0x2acc p2pimsvc - ok06:30:15.0368 0x2acc [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] p2psvc C:\Windows\system32\p2psvc.dll06:30:15.0384 0x2acc p2psvc - ok06:30:15.0393 0x2acc [ AECD57F94C887F58919F307C35498EA0, CD8E8B54A445EF0DC485D5F221588875C98328596F64EE03B2D8BD0B860504FB ] Parport C:\Windows\system32\drivers\parport.sys06:30:15.0397 0x2acc Parport - ok06:30:15.0412 0x2acc [ B43751085E2ABE389DA466BC62A4B987, 167CB6B18B6B7B74A229A976833E1FBE6D51C9C0EB8A23C92FC2465B692DF383 ] partmgr C:\Windows\system32\drivers\partmgr.sys06:30:15.0415 0x2acc partmgr - ok06:30:15.0441 0x2acc [ 9AB157B374192FF276C1628FBDBA2B0E, E63E2EE1ABEEC5234F4F1318757EDB4A7567057B1DF1A2414C8698D47062B6AC ] PcaSvc C:\Windows\System32\pcasvc.dll06:30:15.0445 0x2acc PcaSvc - ok06:30:15.0454 0x2acc [ 47AB1E0FC9D0E12BB53BA246E3A0906D, 82B452D614B535FAD3AFEEA06DFBBF8F7C5031563A2558CFA04F9B94C76E45DF ] pci C:\Windows\system32\drivers\pci.sys06:30:15.0458 0x2acc pci - ok06:30:15.0478 0x2acc [ 8D618C829034479985A9ED56106CC732, 9F3773A5184064092920FA2C88CCF5BFE44C63573B443E67230C4F596B7884C2 ] pciide C:\Windows\system32\drivers\pciide.sys06:30:15.0480 0x2acc pciide - ok06:30:15.0490 0x2acc [ 037661F3D7C507C9993B7010CEEE6288, A7B415675B14FD755D0167BBA458A902AA9ABFC4343A1B887289D31DE8A55285 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys06:30:15.0498 0x2acc pcmcia - ok06:30:15.0545 0x2acc [ 
58865916F53592A61549B04941BFD80D, 3511AF2EFD06636E144C36ECA8C7AA1A33C269EDB10A6D879AA25D9E11359AA9 ] PEAUTH C:\Windows\system32\drivers\peauth.sys06:30:15.0564 0x2acc PEAUTH - ok06:30:15.0669 0x2acc [ 0ED8727EA0172860F47258456C06CAEA, 3CDAA1044E412EC4303CEABD36A8C7BADA2D6C6692E09B8FE440709E3F4F0166 ] PerfHost C:\Windows\SysWow64\perfhost.exe06:30:15.0672 0x2acc PerfHost - ok06:30:15.0805 0x2acc [ E9E68C1A0F25CF4A7AC966EEA74EE89E, 6C6903A856C29AD690FDA1B74ADB2222C3453FBE2B364245FA61D53C77C586C0 ] pla C:\Windows\system32\pla.dll06:30:15.0841 0x2acc pla - ok06:30:15.0893 0x2acc [ FE6B0F59215C9FD9F9D26539C58C8B82, 52CF8BE31A28430226D117EB80974AEAE5EA07F39DE881164232D44BF67FF752 ] PlugPlay C:\Windows\system32\umpnpmgr.dll06:30:15.0903 0x2acc PlugPlay - ok06:30:15.0967 0x2acc [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll06:30:15.0984 0x2acc PNRPAutoReg - ok06:30:16.0008 0x2acc [ 9AE31D2E1D15C10D91318E0EC149CEAC, CEA8A4AD1D6BB9C1ECBDE7A1946DD655104E20224436B96AD69A76F8E2B25680 ] PNRPsvc C:\Windows\system32\p2psvc.dll06:30:16.0025 0x2acc PNRPsvc - ok06:30:16.0090 0x2acc [ 89A5560671C2D8B4A4B51F3E1AA069D8, 07DEE5D73DDE09F954E2E13BB5603F0033829B6199C81A7C1709D94AB92B351E ] PolicyAgent C:\Windows\System32\ipsecsvc.dll06:30:16.0104 0x2acc PolicyAgent - ok06:30:16.0180 0x2acc [ 23386E9952025F5F21C368971E2E7301, F7241C1799A8AA0E9106B101B841670304DC695FD8D290C690CE0ED5C13BC514 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys06:30:16.0183 0x2acc PptpMiniport - ok
  7. I thought I had followed the instructions:

     Then Click on "Scan" button
     Wait until the Status box shows "Scan Finished"
     click on "delete"
     Wait until the Status box shows "Deleting Finished"
     Click on "Report" and copy/paste the content of the Notepad into your next reply.
     The log should be found on your Desktop
     Exit/Close RogueKiller

     Should I try to run that again? I'll run the TDSSkiller and post that in the meantime. Thank you.
  8. RogueKiller report:

     RogueKiller V9.0.2.0 (x64) [Jun 3 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Started in : Normal mode
     User : Sharon [Admin rights]
     Mode : Remove -- Date : 06/07/2014 19:58:18

     ¤¤¤ Bad processes : 3 ¤¤¤
     [ZeroAccess] mcshield.exe -- [x] -> ERROR [12]
     [suspicious.Path] OEM05Mon.exe -- C:\Windows\OEM05Mon.exe[7] -> KILLED [TermProc]
     [suspicious.Path] (SVC) M4-Service -- C:\Users\Sharon\AppData\Local\Mikogo4\Viewer\Service\M4-Service.exe[7] -> STOPPED

     ¤¤¤ Registry Entries : 41 ¤¤¤
     [suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | OEM05Mon.exe : C:\Windows\OEM05Mon.exe [x] -> DELETED
     [shell.HJ] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A7E2\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> REPLACED (explorer.exe)
     [shell.HJ] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A7E2\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe -> REPLACED (explorer.exe)
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\M4-Service -> NOT SELECTED
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Net CLR -> NOT SELECTED
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\M4-Service -> NOT SELECTED
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Net CLR -> NOT SELECTED
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\M4-Service -> NOT SELECTED
     [suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Net CLR -> NOT SELECTED
     [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> NOT SELECTED
     [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> NOT SELECTED
     [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> NOT SELECTED
     [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57273 -> NOT SELECTED
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED
     [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
     [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NOT SELECTED
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A7E2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A7E2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A7E2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_A7E2\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
     [PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
     [PUM.WallPaper] (X64) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Control Panel\Desktop | WallPaper : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg -> NOT SELECTED
     [PUM.WallPaper] (X86) HKEY_USERS\S-1-5-21-1280911578-185664597-1390033846-1000\Control Panel\Desktop | WallPaper : C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg -> NOT SELECTED

     ¤¤¤ Scheduled tasks : 4 ¤¤¤
     [suspicious.Path] \\{7177BA2D-4E13-44A7-888F-81244710D84E} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XCFZW1AR\WebPostUserServlet[2].exe" -d C:\Users\Sharon) -> DELETED
     [suspicious.Path] \\{82E896D3-C842-4280-BE42-BF6BE919E9D7} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IZN2MSN0\WebPostUserServlet[1].exe" -d C:\Users\Sharon) -> DELETED
     [suspicious.Path] \\{8C551938-308A-482A-98E2-1F461FD69A86} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAD3V92T\install[1].exe" -d C:\Users\Sharon) -> DELETED
     [suspicious.Path] \\{E503796F-154E-4CF3-8ED2-EE69F0DC3748} -- C:\Windows\system32\pcalua.exe (-a "C:\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YY2SZKZN\CT-Rate[1].exe" -d C:\Users\Sharon\Desktop) -> DELETED

     ¤¤¤ Files : 2 ¤¤¤
     [ZeroAccess][Folder] L -- C:\Users\Sharon\AppData\Local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a}\L -> DELETED
     [ZeroAccess][Folder] U -- C:\Users\Sharon\AppData\Local\{b0b2e9a6-e8ff-c1b2-3fb9-797ec509843a}\U -> DELETED

     ¤¤¤ HOSTS File : 1 ¤¤¤
     [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

     ¤¤¤ Antirootkit : 173 ¤¤¤
: C:\Windows\system32\DUser.dll @ 0x7fefbd3e49c[EAT:Addr] (explorer.exe) WINMM.dll - RegisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7fefbd4fd90[EAT:Addr] (explorer.exe) WINMM.dll - RegisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd3e654[EAT:Addr] (explorer.exe) WINMM.dll - RemoveGadgetMessageHandler : C:\Windows\system32\DUser.dll @ 0x7fefbd4fecc[EAT:Addr] (explorer.exe) WINMM.dll - RemoveGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd3b5b0[EAT:Addr] (explorer.exe) WINMM.dll - SetActionTimeslice : C:\Windows\system32\DUser.dll @ 0x7fefbd50ed4[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetBufferInfo : C:\Windows\system32\DUser.dll @ 0x7fefbd4264c[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetCenterPoint : C:\Windows\system32\DUser.dll @ 0x7fefbd4f5d8[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFillF : C:\Windows\system32\DUser.dll @ 0x7fefbd4eff4[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFillI : C:\Windows\system32\DUser.dll @ 0x7fefbd41f50[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFocus : C:\Windows\system32\DUser.dll @ 0x7fefbd38dec[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetFocusEx : C:\Windows\system32\DUser.dll @ 0x7fefbd3d784[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetMessageFilter : C:\Windows\system32\DUser.dll @ 0x7fefbd35348[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetOrder : C:\Windows\system32\DUser.dll @ 0x7fefbd502a4[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetParent : C:\Windows\system32\DUser.dll @ 0x7fefbd34d20[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd3bad0[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetRect : C:\Windows\system32\DUser.dll @ 0x7fefbd34980[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetRootInfo : C:\Windows\system32\DUser.dll @ 0x7fefbd399d8[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetRotation : C:\Windows\system32\DUser.dll @ 0x7fefbd4f3ec[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetScale : 
C:\Windows\system32\DUser.dll @ 0x7fefbd4f1e0[EAT:Addr] (explorer.exe) WINMM.dll - SetGadgetStyle : C:\Windows\system32\DUser.dll @ 0x7fefbd34390[EAT:Addr] (explorer.exe) WINMM.dll - UninitGadgetComponent : C:\Windows\system32\DUser.dll @ 0x7fefbd4ec78[EAT:Addr] (explorer.exe) WINMM.dll - UnregisterGadgetMessage : C:\Windows\system32\DUser.dll @ 0x7fefbd4fcfc[EAT:Addr] (explorer.exe) WINMM.dll - UnregisterGadgetMessageString : C:\Windows\system32\DUser.dll @ 0x7fefbd4fd90[EAT:Addr] (explorer.exe) WINMM.dll - UnregisterGadgetProperty : C:\Windows\system32\DUser.dll @ 0x7fefbd5000c[EAT:Addr] (explorer.exe) WINMM.dll - UtilBuildFont : C:\Windows\system32\DUser.dll @ 0x7fefbd51380[EAT:Addr] (explorer.exe) WINMM.dll - UtilDrawBlendRect : C:\Windows\system32\DUser.dll @ 0x7fefbd51528[EAT:Addr] (explorer.exe) WINMM.dll - UtilDrawOutlineRect : C:\Windows\system32\DUser.dll @ 0x7fefbd5154c[EAT:Addr] (explorer.exe) WINMM.dll - UtilGetColor : C:\Windows\system32\DUser.dll @ 0x7fefbd51558[EAT:Addr] (explorer.exe) WINMM.dll - UtilSetBackground : C:\Windows\system32\DUser.dll @ 0x7fefbd51324[EAT:Addr] (explorer.exe) WINMM.dll - WaitMessageEx : C:\Windows\system32\DUser.dll @ 0x7fefbd4fcac[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptAddContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefced594c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptAddContextFunctionProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced6340[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCloseAlgorithmProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefcec24fc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptConfigureContext : C:\Windows\system32\bcrypt.dll @ 0x7fefced55b8[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptConfigureContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefced5f14[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCreateContext : C:\Windows\system32\bcrypt.dll @ 0x7fefced5128[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptCreateHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec44bc[EAT:Addr] 
(explorer.exe) ncrypt.dll - BCryptDecrypt : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3484[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDeleteContext : C:\Windows\system32\bcrypt.dll @ 0x7fefced52c8[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDeriveKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4124[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroyHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4904[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroyKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4338[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDestroySecret : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4420[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDuplicateHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4998[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptDuplicateKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4270[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEncrypt : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3168[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumAlgorithms : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2564[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContextFunctionProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefced6718[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContextFunctions : C:\Windows\system32\bcrypt.dll @ 0x7fefced5cdc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumContexts : C:\Windows\system32\bcrypt.dll @ 0x7fefced5454[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2970[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptEnumRegisteredProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefced5050[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptExportKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3770[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFinalizeKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefcec30f8[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFinishHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4860[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptFreeBuffer : 
C:\Windows\system32\bcrypt.dll @ 0x7fefcec2c44[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenRandom : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5034[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenerateKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2fe0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGenerateSymmetricKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2eec[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGetFipsAlgorithmMode : C:\Windows\system32\bcrypt.dll @ 0x7fefced7250[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptGetProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2c70[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptHashData : C:\Windows\system32\bcrypt.dll @ 0x7fefcec481c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptImportKey : C:\Windows\system32\bcrypt.dll @ 0x7fefcec39bc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptImportKeyPair : C:\Windows\system32\bcrypt.dll @ 0x7fefcec3adc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptOpenAlgorithmProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefcec20f0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextConfiguration : C:\Windows\system32\bcrypt.dll @ 0x7fefced574c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextFunctionConfiguration : C:\Windows\system32\bcrypt.dll @ 0x7fefced60e0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryContextFunctionProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefced6bb0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptQueryProviderRegistration : C:\Windows\system32\bcrypt.dll @ 0x7fefced4e00[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRegisterConfigChangeNotify : C:\Windows\system32\bcrypt.dll @ 0x7fefced6e38[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRegisterProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced4a74[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRemoveContextFunction : C:\Windows\system32\bcrypt.dll @ 0x7fefced5b20[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptRemoveContextFunctionProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced653c[EAT:Addr] (explorer.exe) 
ncrypt.dll - BCryptResolveProviders : C:\Windows\system32\bcrypt.dll @ 0x7fefced7030[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSecretAgreement : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4000[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetAuditingInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5510[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetContextFunctionProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefced699c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSetProperty : C:\Windows\system32\bcrypt.dll @ 0x7fefcec2e2c[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptSignHash : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4af0[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptUnregisterConfigChangeNotify : C:\Windows\system32\bcrypt.dll @ 0x7fefced6f50[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptUnregisterProvider : C:\Windows\system32\bcrypt.dll @ 0x7fefced4cbc[EAT:Addr] (explorer.exe) ncrypt.dll - BCryptVerifySignature : C:\Windows\system32\bcrypt.dll @ 0x7fefcec4de4[EAT:Addr] (explorer.exe) ncrypt.dll - GetAsymmetricEncryptionInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5400[EAT:Addr] (explorer.exe) ncrypt.dll - GetCipherInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5364[EAT:Addr] (explorer.exe) ncrypt.dll - GetHashInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec53d0[EAT:Addr] (explorer.exe) ncrypt.dll - GetRngInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec55e8[EAT:Addr] (explorer.exe) ncrypt.dll - GetSecretAgreementInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5490[EAT:Addr] (explorer.exe) ncrypt.dll - GetSignatureInterface : C:\Windows\system32\bcrypt.dll @ 0x7fefcec5410 ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++--- User ---[MBR] 5af93102361f06a4bb241bee2fa71e6c[bSP] e223061d7b1f736c4877938e9af93bcf : Unknown MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 15360 MB2 - 
[ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31586304 | Size: 595056 MBUser = LL1 ... OKUser = LL2 ... OK ============================================RKreport_SCN_06062014_221939.log - RKreport_SCN_06072014_195735.log
  9. Just ran the mbar. Result was Congratulations! No malware found! I could not find any reports. Will re-run RogueKiller and post the log.
  10. I did rename ComboFix, the PUM.BAD.PROXY hasn't shown up again (since the 3rd) and here's the RogueKiller log: Thanks.
  11. The PUM.BAD.PROXY hasn't been detected since 6/3, and it would appear several times a day. Do you think it's gone? Thanks again for the help.
  12. New log. Not sure where we are with this but I still get the pop up after a scan w/ Malwarebytes Pro "Potential threat detected" "Choose an action" Only Quarantine available and MBAM hangs and needs to be closed.
Files\BeFrugal.com\Toolbar\BFHP.exe [2012-12-09 15:09].2014-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34].2014-06-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job- c:\users\Sharon\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-28 01:34].2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45].2014-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 19:45].2014-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000Core.job- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34].2014-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1280911578-185664597-1390033846-1000UA.job- c:\users\Sharon\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-07 15:34].2014-06-02 c:\windows\Tasks\User_Feed_Synchronization-{1AA20150-EF88-4896-B0E4-6EEAF5644B98}.job- c:\windows\system32\msfeedssync.exe [2014-04-09 07:23]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = about:blankmStart Page = about:blankmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localTrusted Zone: aquarionwater.com\wwwTrusted Zone: caldirectsecuredocs.com\wwwTrusted Zone: com\pennwest-edocsTrusted Zone: com\swiftviewTrusted Zone: coupons.com\micrositeTrusted Zone: ditechsecuredocs.com\wwwTrusted Zone: ditechsecuredocs.net\wwwTrusted Zone: 
docmagic.com\wwwTrusted Zone: elynx.com\gatewayTrusted Zone: elynx.com\stest.lane100Trusted Zone: elynx.com\stest.lane200Trusted Zone: elynx.net\aegisTrusted Zone: elynx.net\ctestTrusted Zone: elynx.net\ctest.lane100Trusted Zone: elynx.net\formsTrusted Zone: elynx.net\gatewayTrusted Zone: elynx.net\gateway.ctestTrusted Zone: elynx.net\gmacformsTrusted Zone: elynx.net\proTrusted Zone: elynx.net\secureTrusted Zone: elynx.net\ssctestTrusted Zone: elynx.net\stestTrusted Zone: elynx.net\usignTrusted Zone: elynx.net\webpostTrusted Zone: gmacmsecuredocs.com\wwwTrusted Zone: gmacmsecuredocs.net\wwwTrusted Zone: gmamcsecuredocs.com\wwwTrusted Zone: hsbc.com\mortgage-esign.usTrusted Zone: real.com\rhap-app-4-0Trusted Zone: real.com\rhapregTrusted Zone: sasrlink.com\wwwTrusted Zone: ss3.swiftsend.com\loandocsTrusted Zone: swiftsend.com\docsTrusted Zone: swiftsend.com\gatewayTrusted Zone: swiftsend.com\loandocsTrusted Zone: swiftsend.com\loandocs.ss3Trusted Zone: swiftsend.com\wwwTrusted Zone: swiftsend2.com\docsTrusted Zone: swiftsend2.com\loandocsTrusted Zone: swiftview.com\productsTrusted Zone: swiftview.com\wwwTrusted Zone: wamuloandocs.com\wwwTCP: DhcpNameServer = 192.168.1.254CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dllFF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\7adqiqrj.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=FF - prefs.js: browser.search.selectedEngine - Bing FF - ExtSQL: !HIDDEN! 
2009-09-01 11:28; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension.- - - - ORPHANS REMOVED - - - -.AddRemove-Coupon Printer for Windows4.0 - c:\program files (x86)\Coupons\uninstall.exeAddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exeAddRemove-Driver Performer_is1 - c:\program files (x86)\Driver-Soft\DriverPerformer\unins000.exe...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.13".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]@Denied: (A 2) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]@="Shockwave Flash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]@Denied: (A 2) (Everyone)@="".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]@="FlashBroker".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\.Completion time: 2014-06-03 06:43:52ComboFix-quarantined-files.txt 2014-06-03 10:43ComboFix2.txt 2014-06-02 11:17ComboFix3.txt 2014-06-02 01:25ComboFix4.txt 2012-05-26 00:37ComboFix5.txt 2014-06-03 10:20.Pre-Run: 440,600,793,088 bytes freePost-Run: 440,551,026,688 bytes free.- - End Of File - - 7C9FB56B15B93D5F72A661B0333711B55C616939100B85E558DA92B899A0FC36Thanks.
  13. Latest Log....Thanks. ComboFix 14-05-29.01 - Sharon 06/02/2014 6:47.2.4 - x64
Users\sysiwp\dt\2014-05-31_22-13-51-45353390c:\users\All Users\sysiwp\dt\2014-05-31_22-18-51-45653380c:\users\All Users\sysiwp\dt\2014-05-31_22-23-51-45953401c:\users\All Users\sysiwp\dt\2014-05-31_22-28-51-46253391c:\users\All Users\sysiwp\dt\2014-05-31_22-33-51-46553412c:\users\All Users\sysiwp\dt\2014-05-31_22-38-51-46853402c:\users\All Users\sysiwp\dt\2014-05-31_22-43-51-47153408c:\users\All Users\sysiwp\dt\2014-05-31_22-48-51-47453413c:\users\All Users\sysiwp\dt\2014-05-31_22-53-51-47753434c:\users\All Users\sysiwp\dt\2014-05-31_22-58-51-48053440c:\users\All Users\sysiwp\dt\2014-05-31_23-03-51-48353445c:\users\All Users\sysiwp\dt\2014-05-31_23-08-51-48653451c:\users\All Users\sysiwp\dt\2014-05-31_23-13-51-48953441c:\users\All Users\sysiwp\dt\2014-05-31_23-18-51-49253462c:\users\All Users\sysiwp\dt\2014-05-31_23-23-51-49553452c:\users\All Users\sysiwp\dt\2014-05-31_23-28-51-49853473c:\users\All Users\sysiwp\dt\2014-05-31_23-33-50-50153463c:\users\All Users\sysiwp\dt\2014-05-31_23-38-50-50453484c:\users\All Users\sysiwp\dt\2014-05-31_23-43-50-50753490c:\users\All Users\sysiwp\dt\2014-05-31_23-48-50-51053495c:\users\All Users\sysiwp\dt\2014-05-31_23-53-50-51353485c:\users\All Users\sysiwp\dt\2014-05-31_23-58-50-51653506c:\users\All Users\sysiwp\dt\2014-06-01_00-03-50-51953512c:\users\All Users\sysiwp\dt\2014-06-01_00-08-50-52253517c:\users\All Users\sysiwp\dt\2014-06-01_00-13-50-52553523c:\users\All Users\sysiwp\dt\2014-06-01_00-18-50-52853528c:\users\All Users\sysiwp\dt\2014-06-01_00-23-50-53153534c:\users\All Users\sysiwp\dt\2014-06-01_00-28-50-53453539c:\users\All Users\sysiwp\dt\2014-06-01_00-33-50-53753545c:\users\All Users\sysiwp\dt\2014-06-01_00-38-50-54053535c:\users\All Users\sysiwp\dt\2014-06-01_00-43-50-54353556c:\users\All Users\sysiwp\dt\2014-06-01_00-48-50-54653561c:\users\All Users\sysiwp\dt\2014-06-01_00-53-50-54953567c:\users\All Users\sysiwp\dt\2014-06-01_00-58-50-55253572c:\users\All Users\sysiwp\dt\2014-06-01_01-03-50-55553578c:\users\All 
Users\sysiwp\dt\2014-06-01_01-08-50-55853568c:\users\All Users\sysiwp\dt\2014-06-01_01-13-50-56153589c:\users\All Users\sysiwp\dt\2014-06-01_01-18-50-56453595c:\users\All Users\sysiwp\dt\2014-06-01_01-23-50-56753600c:\users\All Users\sysiwp\dt\2014-06-01_01-28-50-57053606c:\users\All Users\sysiwp\dt\2014-06-01_01-33-50-57353595c:\users\All Users\sysiwp\dt\2014-06-01_01-38-50-57653617c:\users\All Users\sysiwp\dt\2014-06-01_01-43-50-57953607c:\users\All Users\sysiwp\dt\2014-06-01_01-48-50-58253628c:\users\All Users\sysiwp\dt\2014-06-01_01-53-50-58553633c:\users\All Users\sysiwp\dt\2014-06-01_01-58-50-58853639c:\users\All Users\sysiwp\dt\2014-06-01_02-03-50-59153629c:\users\All Users\sysiwp\dt\2014-06-01_02-08-50-59453650c:\users\All Users\sysiwp\dt\2014-06-01_02-13-50-59753671c:\users\All Users\sysiwp\dt\2014-06-01_02-18-50-60053645c:\users\All Users\sysiwp\dt\2014-06-01_02-23-50-60353666c:\users\All Users\sysiwp\dt\2014-06-01_02-28-50-60653672c:\users\All Users\sysiwp\dt\2014-06-01_02-33-50-60953693c:\users\All Users\sysiwp\dt\2014-06-01_02-38-50-61253683c:\users\All Users\sysiwp\dt\2014-06-01_02-43-50-61553704c:\users\All Users\sysiwp\dt\2014-06-01_02-48-50-61853694c:\users\All Users\sysiwp\dt\2014-06-01_02-53-50-62153699c:\users\All Users\sysiwp\dt\2014-06-01_02-58-50-62453721c:\users\All Users\sysiwp\dt\2014-06-01_03-03-50-62753710c:\users\All Users\sysiwp\dt\2014-06-01_03-08-50-63053716c:\users\All Users\sysiwp\dt\2014-06-01_03-13-50-63353722c:\users\All Users\sysiwp\dt\2014-06-01_03-18-50-63653758c:\users\All Users\sysiwp\dt\2014-06-01_03-23-50-63953748c:\users\All Users\sysiwp\dt\2014-06-01_03-28-50-64253738c:\users\All Users\sysiwp\dt\2014-06-01_03-33-50-64553744c:\users\All Users\sysiwp\dt\2014-06-01_03-38-50-64853749c:\users\All Users\sysiwp\dt\2014-06-01_03-43-50-65153739c:\users\All Users\sysiwp\dt\2014-06-01_03-48-50-65453760c:\users\All Users\sysiwp\dt\2014-06-01_03-53-50-65753781c:\users\All Users\sysiwp\dt\2014-06-01_03-58-50-66053771c:\users\All 
Users\sysiwp\dt\2014-06-01_04-03-50-66353792c:\users\All Users\sysiwp\dt\2014-06-01_04-08-50-66653782c:\users\All Users\sysiwp\dt\2014-06-01_04-13-50-66953788c:\users\All Users\sysiwp\dt\2014-06-01_04-18-50-67253825c:\users\All Users\sysiwp\dt\2014-06-01_04-23-50-67553799c:\users\All Users\sysiwp\dt\2014-06-01_04-28-50-67853789c:\users\All Users\sysiwp\dt\2014-06-01_04-33-50-68153825c:\users\All Users\sysiwp\dt\2014-06-01_04-38-50-68453815c:\users\All Users\sysiwp\dt\2014-06-01_04-43-50-68753837c:\users\All Users\sysiwp\dt\2014-06-01_04-48-50-69053826c:\users\All Users\sysiwp\dt\2014-06-01_04-53-50-69353832c:\users\All Users\sysiwp\dt\2014-06-01_04-58-50-69653853c:\users\All Users\sysiwp\dt\2014-06-01_05-03-50-69953874c:\users\All Users\sysiwp\dt\2014-06-01_05-08-50-70253880c:\users\All Users\sysiwp\dt\2014-06-01_05-13-50-70553870c:\users\All Users\sysiwp\dt\2014-06-01_05-18-50-70853860c:\users\All Users\sysiwp\dt\2014-06-01_05-23-50-71153865c:\users\All Users\sysiwp\dt\2014-06-01_05-28-50-71453902c:\users\All Users\sysiwp\dt\2014-06-01_05-33-50-71753876c:\users\All Users\sysiwp\dt\2014-06-01_05-38-50-72053882c:\users\All Users\sysiwp\dt\2014-06-01_05-43-50-72353887c:\users\All Users\sysiwp\dt\2014-06-01_05-48-50-72653893c:\users\All Users\sysiwp\dt\2014-06-01_05-53-50-72953883c:\users\All Users\sysiwp\dt\2014-06-01_05-58-50-73253919c:\users\All Users\sysiwp\dt\2014-06-01_06-03-50-73553909c:\users\All Users\sysiwp\dt\2014-06-01_06-08-50-73853915c:\users\All Users\sysiwp\dt\2014-06-01_06-13-50-74153936c:\users\All Users\sysiwp\dt\2014-06-01_06-18-50-74453941c:\users\All Users\sysiwp\dt\2014-06-01_06-23-50-74753931c:\users\All Users\sysiwp\dt\2014-06-01_06-28-50-75053937c:\users\All Users\sysiwp\dt\2014-06-01_06-33-50-75353942c:\users\All Users\sysiwp\dt\2014-06-01_06-38-50-75653932c:\users\All Users\sysiwp\dt\2014-06-01_06-43-50-75953969c:\users\All Users\sysiwp\dt\2014-06-01_06-48-49-76253959c:\users\All Users\sysiwp\dt\2014-06-01_06-53-49-76553965c:\users\All 
Users\sysiwp\dt\2014-06-01_06-58-49-76853986c:\users\All Users\sysiwp\dt\2014-06-01_07-03-49-77153960c:\users\All Users\sysiwp\dt\2014-06-01_07-08-49-77453981c:\users\All Users\sysiwp\dt\2014-06-01_07-13-49-77753971c:\users\All Users\sysiwp\dt\2014-06-01_07-18-49-78053992c:\users\All Users\sysiwp\dt\2014-06-01_07-23-49-78353982c:\users\All Users\sysiwp\dt\2014-06-01_07-28-49-78654003c:\users\All Users\sysiwp\dt\2014-06-01_07-33-49-78954009c:\users\All Users\sysiwp\dt\2014-06-01_07-38-49-79253999c:\users\All Users\sysiwp\dt\2014-06-01_07-43-49-79554020c:\users\All Users\sysiwp\dt\2014-06-01_07-48-49-79854025c:\users\All Users\sysiwp\dt\2014-06-01_07-53-49-80154031c:\users\All Users\sysiwp\dt\2014-06-01_07-58-49-80454021c:\users\All Users\sysiwp\dt\2014-06-01_08-03-49-80754042c:\users\All Users\sysiwp\dt\2014-06-01_08-08-49-81054032c:\users\All Users\sysiwp\dt\2014-06-01_08-13-49-81354053c:\users\All Users\sysiwp\dt\2014-06-01_08-18-49-81654058c:\users\All Users\sysiwp\dt\2014-06-01_08-23-49-81954064c:\users\All Users\sysiwp\dt\2014-06-01_08-28-49-82254069c:\users\All Users\sysiwp\dt\2014-06-01_08-33-49-82554075c:\users\All Users\sysiwp\dt\2014-06-01_08-38-49-82854081c:\users\All Users\sysiwp\dt\2014-06-01_08-43-49-83154086c:\users\All Users\sysiwp\dt\2014-06-01_08-48-49-83454092c:\users\All Users\sysiwp\dt\2014-06-01_08-53-49-83754081c:\users\All Users\sysiwp\dt\2014-06-01_08-58-49-84054103c:\users\All Users\sysiwp\dt\2014-06-01_09-03-49-84354093c:\users\All Users\sysiwp\dt\2014-06-01_09-08-49-84654114c:\users\All Users\sysiwp\dt\2014-06-01_09-13-49-84954119c:\users\All Users\sysiwp\dt\2014-06-01_09-18-49-85254125c:\users\All Users\sysiwp\dt\2014-06-01_09-23-49-85554130c:\users\All Users\sysiwp\dt\2014-06-01_09-28-49-85854120c:\users\All Users\sysiwp\dt\2014-06-01_09-33-49-86154141c:\users\All Users\sysiwp\dt\2014-06-01_09-38-49-86454131c:\users\All Users\sysiwp\dt\2014-06-01_09-43-49-86754152c:\users\All Users\sysiwp\dt\2014-06-01_09-48-49-87054158c:\users\All 
Users\sysiwp\dt\2014-06-01_09-53-49-87354163c:\users\All Users\sysiwp\dt\2014-06-01_09-58-49-87654169c:\users\All Users\sysiwp\dt\2014-06-01_10-03-49-87954174c:\users\All Users\sysiwp\dt\2014-06-01_10-08-49-88254180c:\users\All Users\sysiwp\dt\2014-06-01_10-13-49-88554185c:\users\All Users\sysiwp\dt\2014-06-01_10-18-49-88854207c:\users\All Users\sysiwp\dt\2014-06-01_10-23-49-89154181c:\users\All Users\sysiwp\dt\2014-06-01_10-28-49-89454202c:\users\All Users\sysiwp\dt\2014-06-01_10-33-49-89754208c:\users\All Users\sysiwp\dt\2014-06-01_10-42-34-90279166c:\users\All Users\sysiwp\dt\2014-06-01_10-47-34-90579172c:\users\All Users\sysiwp\dt\2014-06-01_10-52-34-90879162c:\users\All Users\sysiwp\dt\2014-06-01_10-57-34-91179183c:\users\All Users\sysiwp\dt\2014-06-01_11-02-34-91479173c:\users\All Users\sysiwp\dt\2014-06-01_11-07-34-91779194c:\users\All Users\sysiwp\dt\2014-06-01_11-12-34-92079184c:\users\All Users\sysiwp\dt\2014-06-01_11-17-34-92379205c:\users\All Users\sysiwp\dt\2014-06-01_11-22-34-92679226c:\users\All Users\sysiwp\dt\2014-06-01_11-27-34-92979216c:\users\All Users\sysiwp\dt\2014-06-01_11-32-34-93279222c:\users\All Users\sysiwp\dt\2014-06-01_11-37-34-93579227c:\users\All Users\sysiwp\dt\2014-06-01_11-42-34-93879233c:\users\All Users\sysiwp\dt\2014-06-01_11-47-34-94179238c:\users\All Users\sysiwp\dt\2014-06-01_11-52-34-94479244c:\users\All Users\sysiwp\dt\2014-06-01_11-57-34-94779234c:\users\All Users\sysiwp\dt\2014-06-01_12-02-34-95079255c:\users\All Users\sysiwp\dt\2014-06-01_12-07-34-95379245c:\users\All Users\sysiwp\dt\2014-06-01_12-12-34-95679266c:\users\All Users\sysiwp\dt\2014-06-01_12-17-34-95979256c:\users\All Users\sysiwp\dt\2014-06-01_12-22-34-96279277c:\users\All Users\sysiwp\dt\2014-06-01_12-27-34-96579267c:\users\All Users\sysiwp\dt\2014-06-01_12-32-34-96879288c:\users\All Users\sysiwp\dt\2014-06-01_12-37-34-97179294c:\users\All Users\sysiwp\dt\2014-06-01_12-42-34-97479283c:\users\All Users\sysiwp\dt\2014-06-01_12-47-34-97779305c:\users\All 
Users\sysiwp\dt\2014-06-01_12-52-34-98079294c:\users\All Users\sysiwp\dt\2014-06-01_12-57-34-98379316c:\users\All Users\sysiwp\dt\2014-06-01_13-02-34-98679306c:\users\All Users\sysiwp\dt\2014-06-01_13-07-34-98979327c:\users\All Users\sysiwp\dt\2014-06-01_13-12-34-99279332c:\users\All Users\sysiwp\dt\2014-06-01_13-17-34-99579338c:\users\All Users\sysiwp\dt\2014-06-01_13-22-34-99879359c:\users\All Users\sysiwp\dt\2014-06-01_13-27-34-100179349c:\users\All Users\sysiwp\dt\2014-06-01_13-32-34-100479354c:\users\All Users\sysiwp\dt\2014-06-01_13-37-34-100779360c:\users\All Users\sysiwp\dt\2014-06-01_13-42-33-101079365c:\users\All Users\sysiwp\dt\2014-06-01_13-47-33-101379355c:\users\All Users\sysiwp\dt\2014-06-01_13-52-33-101679376c:\users\All Users\sysiwp\dt\2014-06-01_13-57-33-101979397c:\users\All Users\sysiwp\dt\2014-06-01_14-02-33-102279387c:\users\All Users\sysiwp\dt\2014-06-01_14-07-33-102579377c:\users\All Users\sysiwp\dt\2014-06-01_14-12-33-102879383c:\users\All Users\sysiwp\dt\2014-06-01_14-17-33-103179404c:\users\All Users\sysiwp\dt\2014-06-01_14-22-33-103479394c:\users\All Users\sysiwp\dt\2014-06-01_14-27-33-103779399c:\users\All Users\sysiwp\dt\2014-06-01_14-32-33-104079405c:\users\All Users\sysiwp\dt\2014-06-01_14-37-33-104379426c:\users\All Users\sysiwp\dt\2014-06-01_14-42-33-104679432c:\users\All Users\sysiwp\dt\2014-06-01_14-47-33-104979437c:\users\All Users\sysiwp\dt\2014-06-01_14-52-33-105279427c:\users\All Users\sysiwp\dt\2014-06-01_14-57-33-105579433c:\users\All Users\sysiwp\dt\2014-06-01_15-02-33-105879454c:\users\All Users\sysiwp\dt\2014-06-01_15-07-33-106179459c:\users\All Users\sysiwp\dt\2014-06-01_15-12-33-106479465c:\users\All Users\sysiwp\dt\2014-06-01_15-17-33-106779455c:\users\All Users\sysiwp\dt\2014-06-01_15-22-33-107079476c:\users\All Users\sysiwp\dt\2014-06-01_15-27-33-107379481c:\users\All Users\sysiwp\dt\2014-06-01_15-32-33-107679487c:\users\All Users\sysiwp\dt\2014-06-01_15-37-33-107979492c:\users\All 
Users\sysiwp\dt\2014-06-01_15-42-33-108279498c:\users\All Users\sysiwp\dt\2014-06-01_15-47-33-108579503c:\users\All Users\sysiwp\dt\2014-06-01_15-52-33-108879509c:\users\All Users\sysiwp\dt\2014-06-01_15-57-33-109179499c:\users\All Users\sysiwp\dt\2014-06-01_16-02-33-109479504c:\users\All Users\sysiwp\dt\2014-06-01_16-07-33-109779525c:\users\All Users\sysiwp\dt\2014-06-01_16-12-33-110079531c:\users\All Users\sysiwp\dt\2014-06-01_16-17-33-110379537c:\users\All Users\sysiwp\dt\2014-06-01_16-22-33-110679526c:\users\All Users\sysiwp\dt\2014-06-01_16-27-33-110979548c:\users\All Users\sysiwp\dt\2014-06-01_16-32-33-111279537c:\users\All Users\sysiwp\dt\2014-06-01_16-37-33-111579559c:\users\All Users\sysiwp\dt\2014-06-01_16-42-33-111879564c:\users\All Users\sysiwp\dt\2014-06-01_16-47-33-112179570c:\users\All Users\sysiwp\dt\2014-06-01_16-52-33-112479560c:\users\All Users\sysiwp\dt\2014-06-01_16-57-33-112779565c:\users\All Users\sysiwp\dt\2014-06-01_17-02-33-113079571c:\users\All Users\sysiwp\dt\2014-06-01_17-07-33-113379576c:\users\All Users\sysiwp\dt\2014-06-01_17-12-33-113679597c:\users\All Users\sysiwp\dt\2014-06-01_17-17-33-113979587c:\users\All Users\sysiwp\dt\2014-06-01_17-22-33-114279593c:\users\All Users\sysiwp\dt\2014-06-01_17-27-33-114579598c:\users\All Users\sysiwp\dt\2014-06-01_17-32-33-114879619c:\users\All Users\sysiwp\dt\2014-06-01_17-37-33-115179609c:\users\All Users\sysiwp\dt\2014-06-01_17-42-33-115479630c:\users\All Users\sysiwp\dt\2014-06-01_17-47-33-115779620c:\users\All Users\sysiwp\dt\2014-06-01_17-52-33-116079641c:\users\All Users\sysiwp\dt\2014-06-01_17-57-33-116379647c:\users\All Users\sysiwp\dt\2014-06-01_18-02-33-116679652c:\users\All Users\sysiwp\dt\2014-06-01_18-07-33-116979658c:\users\All Users\sysiwp\dt\2014-06-01_18-12-33-117279664c:\users\All Users\sysiwp\dt\2014-06-01_18-17-33-117579653c:\users\All Users\sysiwp\dt\2014-06-01_18-22-33-117879659c:\users\All Users\sysiwp\dt\2014-06-01_18-27-33-118179680c:\users\All 
Users\sysiwp\dt\2014-06-01_18-32-33-118479670c:\users\All Users\sysiwp\dt\2014-06-01_18-37-33-118779691c:\users\All Users\sysiwp\dt\2014-06-01_18-42-33-119079681c:\users\All Users\sysiwp\dt\2014-06-01_18-47-33-119379702c:\users\All Users\sysiwp\dt\2014-06-01_18-52-33-119679708c:\users\All Users\sysiwp\dt\2014-06-01_18-57-33-119979713c:\users\All Users\sysiwp\dt\2014-06-01_19-02-33-120279703c:\users\All Users\sysiwp\dt\2014-06-01_19-07-33-120579724c:\users\All Users\sysiwp\dt\2014-06-01_19-12-33-120879730c:\users\All Users\sysiwp\dt\2014-06-01_19-17-33-121179720c:\users\All Users\sysiwp\dt\2014-06-01_19-22-33-121479725c:\users\All Users\sysiwp\dt\2014-06-01_19-27-33-121779731c:\users\All Users\sysiwp\dt\2014-06-01_19-32-33-122079736c:\users\All Users\sysiwp\dt\2014-06-01_19-37-33-122379742c:\users\All Users\sysiwp\dt\2014-06-01_19-42-33-122679747c:\users\All Users\sysiwp\dt\2014-06-01_19-47-33-122979768c:\users\All Users\sysiwp\dt\2014-06-01_19-52-33-123279774c:\users\All Users\sysiwp\help.chmc:\users\All Users\sysiwp\install.binc:\users\All Users\sysiwp\install.logc:\users\All Users\sysiwp\pkl.binc:\users\All Users\sysiwp\sysiwpconfigure.exec:\users\All Users\sysiwp\sysiwphk.dllc:\users\All Users\sysiwp\sysiwpi.dllc:\users\All Users\sysiwp\sysiwpr.exec:\users\All Users\sysiwp\sysiwpvw.exec:\users\All Users\sysiwp\sysiwpwb.dllc:\users\All Users\sysiwp\web.dtc:\windows\Installer\48270c.msic:\windows\SysWOW64\air.exe..((((((((((((((((((((((((( Files Created from 2014-05-02 to 2014-06-02 )))))))))))))))))))))))))))))))..2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Public\AppData\Local\temp2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Dragonlady\AppData\Local\temp2014-06-02 11:08 . 2014-06-02 11:08 -------- d-----w- c:\users\Default\AppData\Local\temp2014-06-02 01:52 . 
2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EA0B2348-A4EF-4885-ADED-64CB50684965}\mpengine.dll2014-06-01 01:16 . 2014-06-01 01:16 -------- d-----w- c:\program files (x86)\ESET2014-05-31 16:37 . 2014-05-31 16:37 75376 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\breakpadinjector.dll2014-05-31 16:37 . 2014-05-31 16:37 46704 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\browser\components\browsercomps.dll2014-05-31 16:37 . 2014-05-31 16:37 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\D3DCompiler_43.dll2014-05-31 16:37 . 2014-05-31 16:37 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\AccessibleMarshal.dll2014-05-31 16:37 . 2014-05-31 16:37 305264 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\freebl3.dll2014-05-31 16:37 . 2014-05-31 16:37 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\firefox.exe2014-05-31 16:37 . 2014-05-31 16:37 117360 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\crashreporter.exe2014-05-31 16:37 . 2014-05-31 16:37 4881520 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\gkmedias.dll2014-05-31 16:37 . 2014-05-31 16:37 10594416 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icudt52.dll2014-05-31 16:37 . 2014-05-31 16:37 1266800 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuin52.dll2014-05-31 16:37 . 2014-05-31 16:37 965232 ----a-w- c:\program files (x86)\Mozilla Firefox\updated\icuuc52.dll2014-05-31 13:52 . 2014-05-31 13:52 -------- d-----w- c:\windows\ERUNT2014-05-31 13:34 . 2014-05-31 13:37 -------- d-----w- C:\AdwCleaner2014-05-31 12:33 . 2014-04-30 23:20 10702536 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2014-05-24 11:04 . 2014-05-01 20:00 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B8456C39-30B7-426C-B89F-E8CD6FA43BBF}\gapaengine.dll2014-05-20 21:54 . 
2014-05-20 21:54 -------- d-----w- c:\users\Sharon\AppData\Roaming\Oracle2014-05-20 21:54 . 2014-05-20 21:54 -------- d-----w- c:\programdata\Oracle2014-05-20 21:53 . 2014-04-15 00:13 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-05-14 07:39 . 2014-03-25 16:30 12900864 ----a-w- c:\windows\system32\shell32.dll2014-05-14 07:39 . 2014-05-05 20:06 9348096 ----a-w- c:\windows\system32\mshtml.dll2014-05-14 07:39 . 2014-05-05 20:06 98304 ----a-w- c:\windows\system32\mshtmled.dll2014-05-14 07:39 . 2014-05-05 19:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb2014-05-14 07:39 . 2014-05-05 18:47 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll2014-05-08 11:21 . 2014-05-08 11:21 188272 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\nppdf32.dll2014-05-07 11:15 . 2013-09-23 17:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-06-02 11:11 . 2014-04-28 23:28 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-05-28 11:48 . 2012-03-30 11:37 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-05-28 11:48 . 2011-06-14 11:40 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-05-15 07:02 . 2006-11-02 12:35 93223848 ----a-w- c:\windows\system32\mrt.exe2014-05-12 11:26 . 2014-04-28 23:28 64216 ----a-w- c:\windows\system32\drivers\mwac.sys2014-05-12 11:26 . 2014-04-28 23:28 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-05-12 11:25 . 2014-04-28 23:28 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-05-02 20:06 . 2014-05-02 20:06 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll2014-05-01 20:00 . 
2013-12-07 00:38 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll2014-04-01 02:46 . 2014-04-01 02:46 130712 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL2014-04-01 02:46 . 2014-04-01 02:46 1070232 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX2014-03-17 23:02 . 2012-06-04 11:40 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys2014-03-17 22:54 . 2012-06-04 11:40 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys2014-03-17 22:54 . 2012-06-02 23:26 185792 ----a-w- c:\windows\system32\mfevtps.exe2014-03-17 22:49 . 2012-02-22 17:29 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys2014-03-17 22:47 . 2012-06-04 11:40 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys2014-03-17 22:45 . 2012-06-04 11:40 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys2014-03-17 22:44 . 2012-02-22 17:29 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys2014-03-11 13:52 . 2013-06-19 02:50 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys2014-03-04 15:10 . 2014-04-09 11:29 1147392 ----a-w- c:\windows\system32\wininet.dll2014-03-04 15:09 . 2014-04-09 11:29 1490432 ----a-w- c:\windows\system32\urlmon.dll2014-03-04 15:09 . 2014-04-09 11:29 108032 ----a-w- c:\windows\system32\url.dll2014-03-04 15:08 . 2014-04-09 11:29 243712 ----a-w- c:\windows\system32\occache.dll2014-03-04 15:06 . 2014-04-09 11:29 1062912 ----a-w- c:\windows\system32\mstime.dll2014-03-04 15:05 . 2014-04-09 11:29 742912 ----a-w- c:\windows\system32\msfeeds.dll2014-03-04 15:05 . 2014-04-09 11:29 71680 ----a-w- c:\windows\system32\msfeedsbs.dll2014-03-04 15:05 . 2014-04-09 11:29 56832 ----a-w- c:\windows\system32\licmgr10.dll2014-03-04 15:04 . 2014-04-09 11:29 31744 ----a-w- c:\windows\system32\jsproxy.dll2014-03-04 15:04 . 2014-04-09 11:29 1538560 ----a-w- c:\windows\system32\inetcpl.cpl2014-03-04 15:04 . 2014-04-09 11:29 2357760 ----a-w- c:\windows\system32\iertutil.dll2014-03-04 15:04 . 
2014-04-09 11:29 77312 ----a-w- c:\windows\system32\iesetup.dll2014-03-04 15:04 . 2014-04-09 11:29 219136 ----a-w- c:\windows\system32\ieui.dll2014-03-04 15:04 . 2014-04-09 11:29 132096 ----a-w- c:\windows\system32\iesysprep.dll2014-03-04 15:04 . 2014-04-09 11:29 72192 ----a-w- c:\windows\system32\iernonce.dll2014-03-04 15:04 . 2014-04-09 11:29 12510720 ----a-w- c:\windows\system32\ieframe.dll2014-03-04 15:04 . 2014-04-09 11:29 252416 ----a-w- c:\windows\system32\iepeers.dll2014-03-04 15:04 . 2014-04-09 11:29 459776 ----a-w- c:\windows\system32\iedkcs32.dll2014-03-04 15:02 . 2014-04-09 11:29 23040 ----a-w- c:\windows\system32\corpol.dll2014-03-04 13:33 . 2014-04-09 11:29 479232 ----a-w- c:\windows\system32\html.iec2014-03-04 12:10 . 2014-04-09 11:29 162816 ----a-w- c:\windows\system32\ieUnatt.exe2014-03-04 12:09 . 2014-04-09 11:29 70656 ----a-w- c:\windows\system32\ie4uinit.exe2014-03-04 12:08 . 2014-04-09 11:29 12288 ----a-w- c:\windows\system32\msfeedssync.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]"MoneyAgent"="c:\program files (x86)\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-04 39408]"SansaDispatch"="c:\users\Sharon\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2013-06-18 613888]"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"DELL Webcam Manager"="c:\program files (x86)\Dell\Dell Webcam 
Manager\DellWMgr.exe" [2007-07-27 118784]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]"OEM05Mon.exe"="c:\windows\OEM05Mon.exe" [2007-08-22 36864]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-03-31 295512]"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-20 152392].c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-9-23 1295656]Displaysoft Online Updates - c--DSI-FIDLITE3.lnk - c:\dsi\FIDLITE3\inetupapp.exe [2009-7-16 757760].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]@="Service".--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]netsvcr REG_MULTI_SZ MedisCenter.HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcsThemes.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-05-21 12:12 1091912 
  14. Here's the ComboFix log....Thanks again for the help: