I'm hoping I did all of this correctly - if I had any issues I felt like it was using OTL. I'm not sure the correct log generated the first time and I only got one log the second time. Regardless here are the logs:
-----------------------------------------------------------------------------------
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46197f3d-30e7-4905-a14b-02bee3aaeb58}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{26842a09-ffa8-4e2c-ae12-0c80f01c3295} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{26842a09-ffa8-4e2c-ae12-0c80f01c3295}\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{46197f3d-30e7-4905-a14b-02bee3aaeb58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46197f3d-30e7-4905-a14b-02bee3aaeb58}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0441a0e-a49a-4e16-afc1-74ecced1921f}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@MapsGalaxy_39.com/Plugin\ deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\NP39Stub.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\39ffxtbr@MapsGalaxy_39.com deleted successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin\chrome folder moved successfully.
C:\Program Files\MapsGalaxy_39\bar\1.bin folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}\ deleted successfully.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D25F921-B9FE-4682-BF72-8AB8210D6D75}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71c1d63a-c944-428a-a5bd-ba513190e5d2}\ deleted successfully.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrcAs.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{364ea597-e728-4ce4-bb4a-ed846ef47970} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364ea597-e728-4ce4-bb4a-ed846ef47970}\ deleted successfully.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{364EA597-E728-4CE4-BB4A-ED846EF47970} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}\ not found.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39bar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy Search Scope Monitor deleted successfully.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39SrchMn.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MapsGalaxy_39 Browser Plugin Loader deleted successfully.
File C:\Program Files\MapsGalaxy_39\bar\1.bin\39brmon.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\ deleted successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GlaryInitialize 3.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-716673963-3066783214-2359982156-501Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-716673963-3066783214-2359982156-501UA.job moved successfully.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
========== FILES ==========
< at /c >Status ID Day Time Command Line
-------------------------------------------------------------------------------
1 Each 1 2 3 4 5 6 7 8... 10:10 AM "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1000"
2 Each 1 2 3 4 5 6 7 8... 8:40 PM "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1000"
3 Each 1 2 3 4 5 6 7 8... 10:22 AM "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1000"
4 Each 1 2 3 4 5 6 7 8... 2:00 PM "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe" /UA 9.5 /DDV 0x1000"
5 Each M T W Th F S Su 2:53 PM C:\DOCUME~1\DOUGLA~1\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE /Check
C:\Documents and Settings\douglas wenz\Desktop\Jared G Tools\cmd.bat deleted successfully.
C:\Documents and Settings\douglas wenz\Desktop\Jared G Tools\cmd.txt deleted successfully.
File\Folder at*.job not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 56974 bytes
User: All Users
User: Default User
->Flash cache emptied: 56468 bytes
User: douglas wenz
->Flash cache emptied: 913456 bytes
User: Guest
->Flash cache emptied: 6673 bytes
User: jeffrey wenz
->Flash cache emptied: 836574 bytes
User: LocalService
->Flash cache emptied: 88136 bytes
User: NetworkService
->Flash cache emptied: 72238 bytes
Total Flash Files Cleaned = 2.00 mb
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default User
User: douglas wenz
->Java cache emptied: 0 bytes
User: Guest
->Java cache emptied: 1147754 bytes
User: jeffrey wenz
->Java cache emptied: 3637704 bytes
User: LocalService
User: NetworkService
Total Java Files Cleaned = 5.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 10092013_185430
-------------------------------------------------------------------
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-10-09 19:00:08
-----------------------------
19:00:08.437 OS Version: Windows 5.1.2600 Service Pack 3
19:00:08.468 Number of processors: 1 586 0x401
19:00:08.468 ComputerName: DDNNH981 UserName:
19:00:09.203 Initialize success
19:00:21.156 AVAST engine download error: 0
19:00:30.453 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:00:30.468 Disk 0 Vendor: SAMSUNG_SP0401N TJ100-28 Size: 38146MB BusType: 3
19:00:30.484 Device \Driver\atapi -> MajorFunction 86799c10
19:00:30.515 Disk 0 MBR read successfully
19:00:30.531 Disk 0 MBR scan
19:00:30.531 Disk 0 unknown MBR code
19:00:30.546 Disk 0 MBR hidden
19:00:30.562 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
19:00:30.593 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 34851 MB offset 80325
19:00:30.625 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3247 MB offset 71457120
19:00:30.671 Disk 0 scanning sectors +78108030
19:00:30.765 Disk 0 scanning C:\WINDOWS\system32\drivers
19:00:43.718 Service scanning
19:00:56.687 Service MpKsld4700aa2 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C0C0DB0-4A8E-4010-81D4-B02BE267E59D}\MpKsld4700aa2.sys **LOCKED** 32
19:01:12.031 Modules scanning
19:01:26.531 Scan finished successfully
19:02:01.703 Disk 0 MBR has been saved successfully to "E:\reply\MBR.dat"
19:02:01.796 The log file has been saved successfully to "E:\reply\aswMBR.txt"
-----------------------------------------------------------------------
ComboFix 13-10-09.01 - douglas wenz 10/09/2013 19:30:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.608 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\douglas wenz\WINDOWS
C:\install.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d877e0b82221a07f.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\SET46.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET54.tmp
.
.
((((((((((((((((((((((((( Files Created from 2013-09-10 to 2013-10-10 )))))))))))))))))))))))))))))))
.
.
2013-10-10 00:02 . 2013-10-10 00:02 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C0C0DB0-4A8E-4010-81D4-B02BE267E59D}\offreg.dll
2013-10-09 23:57 . 2013-10-09 23:57 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C0C0DB0-4A8E-4010-81D4-B02BE267E59D}\MpKsld4700aa2.sys
2013-10-09 23:54 . 2013-10-09 23:54 -------- d-----w- C:\_OTL
2013-10-08 22:21 . 2013-10-08 22:21 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C0C0DB0-4A8E-4010-81D4-B02BE267E59D}\MpKsl470f76e0.sys
2013-10-05 00:02 . 2013-09-13 08:32 101664 ----a-w- c:\windows\system32\BootDefrag.exe
2013-10-05 00:02 . 2013-10-05 00:02 -------- d-----w- c:\documents and settings\douglas wenz\Application Data\GlarySoft
2013-10-05 00:02 . 2013-10-05 00:02 -------- d-----w- c:\program files\Glary Utilities 3
2013-10-04 23:36 . 2013-10-04 23:36 -------- d-----w- c:\documents and settings\douglas wenz\Application Data\ParetoLogic
2013-10-04 23:36 . 2013-10-04 23:36 -------- d-----w- c:\documents and settings\douglas wenz\Application Data\DriverCure
2013-10-04 23:36 . 2013-10-05 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2013-10-02 15:22 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C0C0DB0-4A8E-4010-81D4-B02BE267E59D}\mpengine.dll
2013-10-01 13:43 . 2013-09-05 05:02 7328304 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-23 20:12 . 2013-09-23 20:12 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2013-09-23 20:12 . 2013-10-02 20:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2013-09-23 20:12 . 2013-09-23 20:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Windows Live Writer
2013-09-18 13:08 . 2013-09-18 13:08 -------- d-----w- c:\documents and settings\douglas wenz\Application Data\Apple Computer
2013-09-18 13:08 . 2013-09-18 13:08 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-09-18 12:29 . 2013-04-18 01:22 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-09-18 12:04 . 2013-09-18 12:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\IObit
2013-09-18 12:04 . 2013-09-18 12:04 -------- d-----w- c:\documents and settings\douglas wenz\Application Data\IObit
2013-09-18 11:59 . 2013-09-18 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-09-18 11:59 . 2013-09-18 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2013-09-18 11:58 . 2013-09-18 11:58 -------- d-----w- c:\program files\IObit
2013-09-17 21:37 . 2013-09-17 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-17 11:30 . 2013-09-17 11:30 -------- d-----w- C:\found.001
2013-09-16 21:52 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-09-16 21:51 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-09-16 21:51 . 2013-09-18 13:17 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 14:21 . 2012-07-13 13:19 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-20 14:21 . 2011-11-02 13:35 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-10 17:51 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2004-08-10 17:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2004-08-10 17:50 18944 ----a-w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2004-08-10 17:51 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2004-08-10 17:51 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-08-01 94208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-25 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\douglas wenz\Start Menu\Programs\Startup\
RentRight Reminder System.lnk - c:\rentver3\reminder.exe [2009-1-15 113920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk * \0BootDefrag.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-12-18 16:24 197928 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2013-06-20 22:25 995176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-08-25 07:28 98304 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
.
R1 MpKsld4700aa2;MpKsld4700aa2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1C0C0DB0-4A8E-4010-81D4-B02BE267E59D}\MpKsld4700aa2.sys [10/9/2013 6:57 PM 40392]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [1/4/2006 9:18 AM 34712]
S0 BootDefragDriver;BootDefragDriver;c:\windows\system32\drivers\BootDefragDriver.sys --> c:\windows\system32\drivers\BootDefragDriver.sys [?]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe --> c:\progra~1\MAPSGA~2\bar\1.bin\39barsvc.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [9/18/2013 8:08 AM 40776]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSLD4700AA2
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-09 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-10-09 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-10-09 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-10-09 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17 09:15]
.
2013-10-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 23:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: alltel.com\care
Trusted Zone: hrblock.com\taxes
TCP: DhcpNameServer = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88} - hxxps://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {528BF874-2681-4CE3-8C62-AA0D3BC0A719} - hxxps://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
DPF: {BB3B91F7-1070-4BFD-AA42-6C523B9162B9} - hxxps://care.alltel.com/lwp/static/installers/WebflowActiveXInstaller_3-0-0.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
MSConfigStartUp-MapsGalaxy Search Scope Monitor - c:\progra~1\MAPSGA~2\bar\1.bin\39srchmn.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\douglas wenz\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2013-10-09 19:43
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,24,89,9e,2c,25,09,40,9e,e4,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,24,89,9e,2c,25,09,40,9e,e4,f6,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-10-09 19:46:30
ComboFix-quarantined-files.txt 2013-10-10 00:46
.
Pre-Run: 14,663,675,904 bytes free
Post-Run: 16,033,640,448 bytes free
.
- - End Of File - - D973A21DBD8462452C3796CBE403F9F3
5FB38429D5D77768867C76DCBDB35194
-------------------------------------------------------
19:52:37.0765 0684 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:52:38.0921 0684 ============================================================
19:52:38.0921 0684 Current date / time: 2013/10/09 19:52:38.0921
19:52:38.0921 0684 SystemInfo:
19:52:38.0921 0684
19:52:38.0921 0684 OS Version: 5.1.2600 ServicePack: 3.0
19:52:38.0921 0684 Product type: Workstation
19:52:38.0921 0684 ComputerName: DDNNH981
19:52:38.0921 0684 UserName: douglas wenz
19:52:38.0921 0684 Windows directory: C:\WINDOWS
19:52:38.0921 0684 System windows directory: C:\WINDOWS
19:52:38.0921 0684 Processor architecture: Intel x86
19:52:38.0921 0684 Number of processors: 1
19:52:38.0921 0684 Page size: 0x1000
19:52:38.0921 0684 Boot type: Normal boot
19:52:38.0937 0684 ============================================================
19:52:43.0656 0684 BG loaded
19:52:44.0421 0684 Drive \Device\Harddisk0\DR0 - Size: 0x9502F9000 (37.25 Gb), SectorSize: 0x200, Cylinders: 0x12FF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:52:44.0546 0684 Drive \Device\Harddisk1\DR4 - Size: 0xEA108000 (3.66 Gb), SectorSize: 0x200, Cylinders: 0x1DD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:52:44.0546 0684 ============================================================
19:52:44.0546 0684 \Device\Harddisk0\DR0:
19:52:44.0578 0684 MBR partitions:
19:52:44.0578 0684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x4411F9B
19:52:44.0578 0684 \Device\Harddisk1\DR4:
19:52:44.0578 0684 MBR partitions:
19:52:44.0578 0684 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x6, StartLBA 0x40, BlocksNum 0x18CFC0
19:52:44.0578 0684 ============================================================
19:52:44.0781 0684 C: <-> \Device\Harddisk0\DR0\Partition1
19:52:44.0937 0684 ============================================================
19:52:44.0937 0684 Initialize success
19:52:44.0937 0684 ============================================================
19:53:10.0875 3692 ============================================================
19:53:10.0875 3692 Scan started
19:53:10.0875 3692 Mode: Manual; SigCheck; TDLFS;
19:53:10.0875 3692 ============================================================
19:53:12.0656 3692 ================ Scan system memory ========================
19:53:12.0656 3692 System memory - ok
19:53:12.0671 3692 ================ Scan services =============================
19:53:14.0187 3692 Abiosdsk - ok
19:53:14.0531 3692 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:53:26.0671 3692 abp480n5 - ok
19:53:26.0796 3692 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:53:27.0484 3692 ACPI - ok
19:53:27.0578 3692 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:53:27.0750 3692 ACPIEC - ok
19:53:27.0843 3692 [ 24A0876D07EF356DCBC1D7A7929354AB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:53:27.0921 3692 AdobeFlashPlayerUpdateSvc - ok
19:53:27.0984 3692 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:53:28.0187 3692 adpu160m - ok
19:53:28.0218 3692 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:53:28.0390 3692 aec - ok
19:53:28.0437 3692 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:53:28.0546 3692 AFD - ok
19:53:28.0640 3692 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
19:53:28.0921 3692 agp440 - ok
19:53:28.0953 3692 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:53:29.0156 3692 agpCPQ - ok
19:53:29.0234 3692 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:53:29.0328 3692 Aha154x - ok
19:53:29.0375 3692 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:53:29.0609 3692 aic78u2 - ok
19:53:29.0625 3692 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:53:29.0796 3692 aic78xx - ok
19:53:29.0859 3692 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:53:30.0046 3692 Alerter - ok
19:53:30.0078 3692 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:53:30.0265 3692 ALG - ok
19:53:30.0359 3692 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
19:53:30.0640 3692 AliIde - ok
19:53:30.0687 3692 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:53:30.0906 3692 alim1541 - ok
19:53:30.0968 3692 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:53:31.0203 3692 amdagp - ok
19:53:31.0343 3692 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
19:53:31.0468 3692 amsint - ok
19:53:31.0484 3692 AppMgmt - ok
19:53:31.0515 3692 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
19:53:31.0703 3692 asc - ok
19:53:31.0718 3692 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:53:31.0812 3692 asc3350p - ok
19:53:31.0828 3692 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:53:32.0000 3692 asc3550 - ok
19:53:32.0921 3692 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
19:53:33.0328 3692 aspnet_state - ok
19:53:33.0406 3692 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:53:33.0578 3692 AsyncMac - ok
19:53:33.0609 3692 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:53:33.0750 3692 atapi - ok
19:53:33.0765 3692 Atdisk - ok
19:53:33.0859 3692 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:53:34.0046 3692 Atmarpc - ok
19:53:34.0171 3692 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:53:34.0343 3692 AudioSrv - ok
19:53:34.0812 3692 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:53:35.0703 3692 audstub - ok
19:53:36.0171 3692 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:53:36.0359 3692 Beep - ok
19:53:37.0421 3692 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:53:37.0734 3692 BITS - ok
19:53:37.0750 3692 BootDefragDriver - ok
19:53:37.0812 3692 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:53:38.0000 3692 Browser - ok
19:53:38.0265 3692 catchme - ok
19:53:38.0328 3692 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:53:38.0515 3692 cbidf - ok
19:53:38.0578 3692 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:53:38.0718 3692 cbidf2k - ok
19:53:38.0812 3692 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:53:38.0953 3692 cd20xrnt - ok
19:53:38.0984 3692 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:53:39.0156 3692 Cdaudio - ok
19:53:39.0203 3692 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:53:39.0375 3692 Cdfs - ok
19:53:39.0468 3692 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:53:39.0640 3692 Cdrom - ok
19:53:39.0656 3692 Changer - ok
19:53:39.0718 3692 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:53:39.0906 3692 CiSvc - ok
19:53:40.0000 3692 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:53:40.0234 3692 ClipSrv - ok
19:53:40.0328 3692 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:53:41.0203 3692 clr_optimization_v2.0.50727_32 - ok
19:53:41.0312 3692 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:53:41.0859 3692 CmdIde - ok
19:53:41.0875 3692 COMSysApp - ok
19:53:42.0437 3692 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:53:42.0609 3692 Cpqarray - ok
19:53:42.0718 3692 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:53:43.0062 3692 CryptSvc - ok
19:53:43.0250 3692 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:53:43.0734 3692 dac2w2k - ok
19:53:43.0796 3692 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:53:44.0125 3692 dac960nt - ok
19:53:44.0421 3692 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:53:44.0781 3692 DcomLaunch - ok
19:53:44.0937 3692 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:53:45.0218 3692 Dhcp - ok
19:53:45.0265 3692 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:53:45.0453 3692 Disk - ok
19:53:45.0468 3692 dmadmin - ok
19:53:46.0140 3692 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:53:47.0234 3692 dmboot - ok
19:53:47.0562 3692 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:53:48.0000 3692 dmio - ok
19:53:48.0109 3692 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:53:48.0375 3692 dmload - ok
19:53:48.0546 3692 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:53:49.0078 3692 dmserver - ok
19:53:49.0140 3692 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:53:49.0453 3692 DMusic - ok
19:53:49.0562 3692 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:53:50.0015 3692 Dnscache - ok
19:53:50.0375 3692 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:53:50.0875 3692 Dot3svc - ok
19:53:51.0015 3692 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:53:51.0343 3692 dpti2o - ok
19:53:51.0375 3692 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:53:51.0625 3692 drmkaud - ok
19:53:51.0703 3692 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:53:51.0968 3692 E100B - ok
19:53:52.0093 3692 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:53:52.0484 3692 EapHost - ok
19:53:52.0562 3692 [ 8C3F3914F1C1E3E3FFE77190A4C9D735 ] ENETHUSB C:\WINDOWS\system32\DRIVERS\enethusb.sys
19:53:52.0640 3692 ENETHUSB ( UnsignedFile.Multi.Generic ) - warning
19:53:52.0640 3692 ENETHUSB - detected UnsignedFile.Multi.Generic (1)
19:53:53.0328 3692 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:53:53.0515 3692 ERSvc - ok
19:53:53.0968 3692 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:53:54.0109 3692 Eventlog - ok
19:53:54.0437 3692 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
19:53:54.0593 3692 EventSystem - ok
19:53:55.0093 3692 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
19:53:55.0250 3692 Fastfat - ok
19:53:55.0328 3692 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
19:53:55.0484 3692 FastUserSwitchingCompatibility - ok
19:53:57.0015 3692 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
19:53:57.0218 3692 Fax - ok
19:53:57.0250 3692 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
19:53:57.0437 3692 Fdc - ok
19:53:58.0734 3692 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
19:53:58.0890 3692 Fips - ok
19:53:58.0968 3692 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:53:59.0140 3692 Flpydisk - ok
19:53:59.0234 3692 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
19:53:59.0468 3692 FltMgr - ok
19:53:59.0734 3692 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
19:53:59.0781 3692 FontCache3.0.0.0 - ok
19:54:00.0265 3692 [ 81B4A2C6C9BD17FFB6031A0A61C09764 ] FreeAgentGoNext Service C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
19:54:00.0296 3692 FreeAgentGoNext Service - ok
19:54:00.0359 3692 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:54:00.0546 3692 Fs_Rec - ok
19:54:00.0703 3692 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:54:00.0921 3692 Ftdisk - ok
19:54:01.0218 3692 [ 78494AE0F93358179B97571B9E76997C ] getPlus® Helper C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
19:54:01.0265 3692 getPlus® Helper - ok
19:54:01.0421 3692 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:54:01.0593 3692 Gpc - ok
19:54:01.0812 3692 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:54:01.0843 3692 gupdate - ok
19:54:01.0937 3692 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:54:01.0953 3692 gupdatem - ok
19:54:02.0140 3692 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
19:54:02.0328 3692 helpsvc - ok
19:54:02.0421 3692 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
19:54:02.0609 3692 HidServ - ok
19:54:02.0625 3692 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:54:02.0796 3692 HidUsb - ok
19:54:02.0890 3692 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
19:54:03.0093 3692 hkmsvc - ok
19:54:03.0109 3692 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
19:54:03.0281 3692 hpn - ok
19:54:03.0843 3692 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
19:54:03.0875 3692 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
19:54:03.0875 3692 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
19:54:03.0953 3692 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
19:54:03.0968 3692 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
19:54:03.0968 3692 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
19:54:04.0078 3692 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:54:04.0625 3692 HPZid412 - ok
19:54:04.0671 3692 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:54:04.0734 3692 HPZipr12 - ok
19:54:04.0765 3692 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:54:04.0828 3692 HPZius12 - ok
19:54:04.0890 3692 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
19:54:04.0968 3692 HTTP - ok
19:54:05.0015 3692 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
19:54:05.0203 3692 HTTPFilter - ok
19:54:05.0234 3692 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
19:54:05.0406 3692 i2omgmt - ok
19:54:05.0437 3692 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
19:54:05.0609 3692 i2omp - ok
19:54:05.0640 3692 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:54:05.0796 3692 i8042prt - ok
19:54:06.0171 3692 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
19:54:06.0406 3692 ialm - ok
19:54:06.0734 3692 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:54:07.0312 3692 idsvc - ok
19:54:07.0375 3692 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
19:54:07.0546 3692 Imapi - ok
19:54:07.0593 3692 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
19:54:07.0796 3692 ImapiService - ok
19:54:07.0859 3692 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
19:54:08.0031 3692 ini910u - ok
19:54:08.0125 3692 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
19:54:08.0281 3692 IntelIde - ok
19:54:08.0312 3692 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:54:08.0453 3692 intelppm - ok
19:54:08.0484 3692 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
19:54:08.0656 3692 Ip6Fw - ok
19:54:08.0718 3692 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:54:08.0890 3692 IpFilterDriver - ok
19:54:08.0937 3692 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:54:09.0078 3692 IpInIp - ok
19:54:09.0109 3692 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:54:09.0281 3692 IpNat - ok
19:54:09.0296 3692 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
19:54:09.0484 3692 IPSec - ok
19:54:09.0531 3692 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
19:54:09.0703 3692 IRENUM - ok
19:54:09.0750 3692 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:54:09.0921 3692 isapnp - ok
19:54:10.0046 3692 [ 5E06A9D23727DAF96FAA796F1135FDCD ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
19:54:10.0078 3692 JavaQuickStarterService - ok
19:54:10.0109 3692 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:54:10.0281 3692 Kbdclass - ok
19:54:10.0343 3692 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:54:10.0484 3692 kbdhid - ok
19:54:10.0546 3692 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
19:54:10.0718 3692 kmixer - ok
19:54:10.0765 3692 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
19:54:10.0984 3692 KSecDD - ok
19:54:11.0046 3692 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
19:54:11.0187 3692 lanmanserver - ok
19:54:11.0265 3692 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
19:54:11.0375 3692 lanmanworkstation - ok
19:54:11.0375 3692 lbrtfdc - ok
19:54:11.0453 3692 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
19:54:11.0609 3692 LmHosts - ok
19:54:11.0640 3692 MapsGalaxy_39Service - ok
19:54:11.0718 3692 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\WINDOWS\system32\drivers\mbamswissarmy.sys
19:54:12.0078 3692 MBAMSwissArmy - ok
19:54:12.0125 3692 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
19:54:12.0296 3692 Messenger - ok
19:54:12.0343 3692 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
19:54:12.0515 3692 mnmdd - ok
19:54:12.0578 3692 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
19:54:12.0750 3692 mnmsrvc - ok
19:54:12.0812 3692 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
19:54:12.0984 3692 Modem - ok
19:54:13.0062 3692 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:54:13.0218 3692 Mouclass - ok
19:54:13.0281 3692 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:54:13.0453 3692 mouhid - ok
19:54:13.0484 3692 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
19:54:13.0640 3692 MountMgr - ok
19:54:13.0796 3692 [ 24406D75B40F0F6B3C1AC7031D734565 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
19:54:13.0890 3692 MpFilter - ok
19:54:13.0937 3692 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
19:54:14.0109 3692 mraid35x - ok
19:54:14.0140 3692 [ A7566DA7AA8B74F1CEBC18AFD6B6CFA0 ] mrtRate C:\WINDOWS\system32\drivers\mrtRate.sys
19:54:14.0187 3692 mrtRate ( UnsignedFile.Multi.Generic ) - warning
19:54:14.0187 3692 mrtRate - detected UnsignedFile.Multi.Generic (1)
19:54:14.0234 3692 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:54:14.0421 3692 MRxDAV - ok
19:54:14.0578 3692 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:54:14.0750 3692 MRxSmb - ok
19:54:14.0812 3692 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
19:54:14.0984 3692 MSDTC - ok
19:54:15.0062 3692 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
19:54:15.0218 3692 Msfs - ok
19:54:15.0234 3692 MSIServer - ok
19:54:15.0281 3692 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:54:15.0437 3692 MSKSSRV - ok
19:54:15.0546 3692 [ 37F77AEBFF23A99D1BFB4F34CD2D07F2 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:54:15.0578 3692 MsMpSvc - ok
19:54:15.0593 3692 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:54:15.0765 3692 MSPCLOCK - ok
19:54:15.0812 3692 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
19:54:16.0046 3692 MSPQM - ok
19:54:16.0093 3692 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:54:16.0265 3692 mssmbios - ok
19:54:16.0296 3692 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
19:54:16.0390 3692 Mup - ok
19:54:16.0593 3692 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
19:54:16.0875 3692 napagent - ok
19:54:16.0906 3692 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
19:54:17.0109 3692 NDIS - ok
19:54:17.0140 3692 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:54:17.0265 3692 NdisTapi - ok
19:54:17.0312 3692 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:54:17.0468 3692 Ndisuio - ok
19:54:17.0515 3692 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:54:17.0671 3692 NdisWan - ok
19:54:17.0718 3692 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
19:54:17.0843 3692 NDProxy - ok
19:54:17.0890 3692 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
19:54:17.0890 3692 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:54:17.0890 3692 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:54:17.0921 3692 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
19:54:18.0093 3692 NetBIOS - ok
19:54:18.0187 3692 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
19:54:18.0359 3692 NetBT - ok
19:54:18.0406 3692 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
19:54:18.0593 3692 NetDDE - ok
19:54:18.0609 3692 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
19:54:18.0750 3692 NetDDEdsdm - ok
19:54:18.0796 3692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:54:18.0953 3692 Netlogon - ok
19:54:19.0015 3692 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
19:54:19.0187 3692 Netman - ok
19:54:19.0421 3692 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
19:54:19.0468 3692 NetSvc ( UnsignedFile.Multi.Generic ) - warning
19:54:19.0468 3692 NetSvc - detected UnsignedFile.Multi.Generic (1)
19:54:19.0562 3692 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:54:19.0609 3692 NetTcpPortSharing - ok
19:54:19.0687 3692 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
19:54:19.0734 3692 Nla - ok
19:54:19.0781 3692 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
19:54:19.0937 3692 Npfs - ok
19:54:20.0046 3692 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
19:54:20.0375 3692 Ntfs - ok
19:54:20.0406 3692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:54:20.0546 3692 NtLmSsp - ok
19:54:20.0687 3692 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
19:54:20.0984 3692 NtmsSvc - ok
19:54:21.0015 3692 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
19:54:21.0187 3692 Null - ok
19:54:21.0437 3692 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:54:21.0812 3692 nv - ok
19:54:21.0890 3692 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:54:22.0171 3692 NwlnkFlt - ok
19:54:22.0203 3692 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:54:22.0453 3692 NwlnkFwd - ok
19:54:22.0484 3692 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
19:54:22.0640 3692 Parport - ok
19:54:22.0656 3692 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
19:54:23.0046 3692 PartMgr - ok
19:54:23.0062 3692 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
19:54:23.0500 3692 ParVdm - ok
19:54:23.0515 3692 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
19:54:23.0796 3692 PCI - ok
19:54:23.0812 3692 PCIDump - ok
19:54:23.0859 3692 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
19:54:24.0125 3692 PCIIde - ok
19:54:24.0187 3692 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
19:54:24.0390 3692 Pcmcia - ok
19:54:24.0390 3692 PDCOMP - ok
19:54:24.0406 3692 PDFRAME - ok
19:54:24.0421 3692 PDRELI - ok
19:54:24.0421 3692 PDRFRAME - ok
19:54:24.0468 3692 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
19:54:24.0656 3692 perc2 - ok
19:54:24.0687 3692 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
19:54:24.0875 3692 perc2hib - ok
19:54:24.0921 3692 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
19:54:24.0953 3692 PlugPlay - ok
19:54:24.0984 3692 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
19:54:25.0015 3692 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:54:25.0015 3692 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:54:25.0046 3692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
19:54:25.0187 3692 PolicyAgent - ok
19:54:25.0218 3692 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:54:25.0390 3692 PptpMiniport - ok
19:54:25.0406 3692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
19:54:25.0531 3692 ProtectedStorage - ok
19:54:25.0562 3692 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
19:54:25.0718 3692 PSched - ok
19:54:25.0734 3692 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:54:25.0921 3692 Ptilink - ok
19:54:25.0984 3692 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
19:54:26.0187 3692 ql1080 - ok
19:54:26.0218 3692 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
19:54:26.0421 3692 Ql10wnt - ok
19:54:26.0468 3692 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
19:54:26.0812 3692 ql12160 - ok
19:54:26.0843 3692 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
19:54:27.0015 3692 ql1240 - ok
19:54:27.0046 3692 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
19:54:27.0234 3692 ql1280 - ok
19:54:27.0312 3692 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:54:27.0468 3692 RasAcd - ok
19:54:27.0531 3692 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
19:54:27.0718 3692 RasAuto - ok
19:54:27.0734 3692 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:54:27.0890 3692 Rasl2tp - ok
19:54:27.0953 3692 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
19:54:28.0109 3692 RasMan - ok
19:54:28.0125 3692 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:54:28.0312 3692 RasPppoe - ok
19:54:28.0343 3692 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
19:54:28.0500 3692 Raspti - ok
19:54:28.0546 3692 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:54:28.0703 3692 Rdbss - ok
19:54:28.0718 3692 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:54:28.0890 3692 RDPCDD - ok
19:54:28.0984 3692 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:54:29.0218 3692 rdpdr - ok
19:54:29.0281 3692 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
19:54:29.0484 3692 RDPWD - ok
19:54:29.0593 3692 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
19:54:29.0765 3692 RDSessMgr - ok
19:54:29.0781 3692 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
19:54:29.0937 3692 redbook - ok
19:54:30.0000 3692 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
19:54:30.0171 3692 RemoteAccess - ok
19:54:30.0203 3692 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
19:54:30.0343 3692 RpcLocator - ok
19:54:30.0468 3692 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:54:30.0500 3692 RpcSs - ok
19:54:30.0562 3692 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
19:54:30.0734 3692 RSVP - ok
19:54:30.0750 3692 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
19:54:30.0906 3692 SamSs - ok
19:54:30.0937 3692 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
19:54:31.0125 3692 SCardSvr - ok
19:54:31.0203 3692 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
19:54:31.0421 3692 Schedule - ok
19:54:31.0484 3692 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:54:31.0671 3692 Secdrv - ok
19:54:31.0718 3692 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
19:54:31.0875 3692 seclogon - ok
19:54:31.0953 3692 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
19:54:32.0125 3692 senfilt - ok
19:54:32.0218 3692 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
19:54:32.0390 3692 SENS - ok
19:54:32.0437 3692 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
19:54:32.0593 3692 serenum - ok
19:54:32.0625 3692 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
19:54:32.0796 3692 Serial - ok
19:54:32.0859 3692 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
19:54:33.0031 3692 Sfloppy - ok
19:54:33.0093 3692 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
19:54:33.0328 3692 SharedAccess - ok
19:54:33.0359 3692 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
19:54:33.0390 3692 ShellHWDetection - ok
19:54:33.0406 3692 Simbad - ok
19:54:33.0468 3692 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
19:54:33.0656 3692 sisagp - ok
19:54:33.0781 3692 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
19:54:33.0812 3692 smwdm - ok
19:54:33.0843 3692 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
19:54:34.0000 3692 Sparrow - ok
19:54:34.0015 3692 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
19:54:34.0171 3692 splitter - ok
19:54:34.0218 3692 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
19:54:34.0343 3692 Spooler - ok
19:54:34.0375 3692 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
19:54:34.0578 3692 sr - ok
19:54:34.0640 3692 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
19:54:34.0812 3692 srservice - ok
19:54:34.0906 3692 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
19:54:35.0078 3692 Srv - ok
19:54:35.0156 3692 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
19:54:35.0312 3692 SSDPSRV - ok
19:54:35.0437 3692 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
19:54:35.0687 3692 stisvc - ok
19:54:35.0750 3692 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
19:54:35.0937 3692 swenum - ok
19:54:35.0953 3692 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
19:54:36.0125 3692 swmidi - ok
19:54:36.0140 3692 SwPrv - ok
19:54:36.0187 3692 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
19:54:36.0343 3692 symc810 - ok
19:54:36.0390 3692 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
19:54:36.0593 3692 symc8xx - ok
19:54:36.0625 3692 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
19:54:36.0843 3692 sym_hi - ok
19:54:36.0875 3692 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
19:54:37.0046 3692 sym_u3 - ok
19:54:37.0078 3692 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
19:54:37.0250 3692 sysaudio - ok
19:54:37.0296 3692 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
19:54:37.0500 3692 SysmonLog - ok
19:54:37.0562 3692 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
19:54:37.0734 3692 TapiSrv - ok
19:54:37.0796 3692 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:54:37.0859 3692 Tcpip - ok
19:54:37.0906 3692 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
19:54:38.0093 3692 TDPIPE - ok
19:54:38.0125 3692 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
19:54:38.0328 3692 TDTCP - ok
19:54:38.0359 3692 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
19:54:38.0531 3692 TermDD - ok
19:54:38.0625 3692 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
19:54:38.0828 3692 TermService - ok
19:54:38.0875 3692 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
19:54:38.0890 3692 Themes - ok
19:54:38.0921 3692 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
19:54:39.0125 3692 TosIde - ok
19:54:39.0203 3692 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
19:54:39.0375 3692 TrkWks - ok
19:54:39.0453 3692 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
19:54:39.0656 3692 Udfs - ok
19:54:39.0687 3692 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
19:54:39.0796 3692 ultra - ok
19:54:39.0906 3692 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
19:54:40.0109 3692 Update - ok
19:54:40.0203 3692 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
19:54:40.0406 3692 upnphost - ok
19:54:40.0468 3692 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
19:54:40.0625 3692 UPS - ok
19:54:40.0671 3692 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:54:40.0859 3692 usbccgp - ok
19:54:40.0890 3692 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:54:41.0062 3692 usbehci - ok
19:54:41.0078 3692 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:54:41.0234 3692 usbhub - ok
19:54:41.0328 3692 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:54:41.0484 3692 usbprint - ok
19:54:41.0531 3692 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:54:41.0687 3692 usbscan - ok
19:54:41.0750 3692 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:54:41.0906 3692 USBSTOR - ok
19:54:41.0984 3692 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:54:42.0140 3692 usbuhci - ok
19:54:42.0187 3692 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
19:54:42.0343 3692 VgaSave - ok
19:54:42.0406 3692 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
19:54:42.0593 3692 viaagp - ok
19:54:42.0625 3692 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
19:54:42.0796 3692 ViaIde - ok
19:54:42.0890 3692 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
19:54:43.0078 3692 VolSnap - ok
19:54:43.0343 3692 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
19:54:43.0578 3692 VSS - ok
19:54:43.0750 3692 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
19:54:43.0921 3692 w32time - ok
19:54:43.0953 3692 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:54:44.0109 3692 Wanarp - ok
19:54:44.0125 3692 wanatw - ok
19:54:44.0140 3692 WDICA - ok
19:54:44.0171 3692 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
19:54:44.0343 3692 wdmaud - ok
19:54:44.0375 3692 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
19:54:44.0546 3692 WebClient - ok
19:54:44.0906 3692 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
19:54:45.0078 3692 winmgmt - ok
19:54:45.0234 3692 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
19:54:45.0421 3692 WmdmPmSN - ok
19:54:45.0500 3692 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
19:54:45.0687 3692 WmiApSrv - ok
19:54:46.0078 3692 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
19:54:46.0546 3692 WMPNetworkSvc - ok
19:54:46.0593 3692 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
19:54:46.0796 3692 WS2IFSL - ok
19:54:46.0937 3692 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
19:54:47.0109 3692 wscsvc - ok
19:54:47.0156 3692 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
19:54:47.0343 3692 wuauserv - ok
19:54:47.0437 3692 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
19:54:47.0515 3692 WudfPf - ok
19:54:47.0562 3692 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
19:54:47.0609 3692 WudfSvc - ok
19:54:47.0703 3692 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
19:54:47.0890 3692 WZCSVC - ok
19:54:47.0953 3692 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
19:54:48.0156 3692 xmlprov - ok
19:54:48.0171 3692 ================ Scan global ===============================
19:54:48.0234 3692 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:54:48.0359 3692 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:54:48.0484 3692 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
19:54:48.0546 3692 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:54:48.0546 3692 [Global] - ok
19:54:48.0546 3692 ================ Scan MBR ==================================
19:54:48.0593 3692 [ B16A2359F4962B0C622D81A1C1F4B703 ] \Device\Harddisk0\DR0
19:54:53.0593 3692 \Device\Harddisk0\DR0 - ok
19:54:53.0609 3692 [ 24BEFCB10664FC4406BFE82D40B517A3 ] \Device\Harddisk1\DR4
19:54:53.0734 3692 \Device\Harddisk1\DR4 - ok
19:54:53.0750 3692 ================ Scan VBR ==================================
19:54:53.0765 3692 [ 665619F6F31D71F9140990BFD4A3C509 ] \Device\Harddisk0\DR0\Partition1
19:54:53.0796 3692 \Device\Harddisk0\DR0\Partition1 - ok
19:54:53.0796 3692 [ 8E44273A46D011E0567294802CD11B8A ] \Device\Harddisk1\DR4\Partition1
19:54:53.0796 3692 \Device\Harddisk1\DR4\Partition1 - ok
19:54:53.0812 3692 ============================================================
19:54:53.0812 3692 Scan finished
19:54:53.0812 3692 ============================================================
19:54:53.0968 3684 Detected object count: 7
19:54:53.0968 3684 Actual detected object count: 7
19:55:04.0406 3684 ENETHUSB ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0406 3684 ENETHUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:04.0406 3684 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0406 3684 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:04.0406 3684 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0406 3684 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:04.0437 3684 mrtRate ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0437 3684 mrtRate ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:04.0437 3684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0437 3684 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:04.0468 3684 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0468 3684 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:04.0500 3684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:55:04.0500 3684 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:55:12.0015 0312 Deinitialize success
-----------------------------------------------------------------
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.09.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
douglas wenz :: DDNNH981 [administrator]
Protection: Enabled
10/9/2013 8:27:08 PM
mbam-log-2013-10-09 (20-27-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 264592
Time elapsed: 12 minute(s), 27 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0F -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
------------------------------------------------------------------------
# AdwCleaner v3.007 - Report created 09/10/2013 at 23:09:10
# Updated 09/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : douglas wenz - DDNNH981
# Running from : C:\Documents and Settings\douglas wenz\Desktop\Jared G Tools\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : MapsGalaxy_39Service
***** [ Files / Folders ] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\mapsgalaxy_39
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\douglas wenz\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\douglas wenz\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\douglas wenz\Application Data\DSite
Folder Deleted : C:\Documents and Settings\douglas wenz\Application Data\mapsgalaxy_39
Folder Deleted : C:\Documents and Settings\douglas wenz\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\douglas wenz\Application Data\Viewpoint
File Deleted : C:\WINDOWS\system32\p5PSSavr.scr
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\MyWaySA
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MapsGalaxy_39
Key Deleted : HKLM\Software\MyWaySA
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E7559288-223B-453C-9F06-340E3BE21E39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E7559288-223B-453C-9F06-340E3BE21E39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MapsGalaxy_39bar Uninstall
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v
[ File : C:\Documents and Settings\douglas wenz\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
Deleted : homepage
Deleted : icon_url
*************************
AdwCleaner[R0].txt - [5583 octets] - [09/10/2013 23:07:10]
AdwCleaner[S0].txt - [5412 octets] - [09/10/2013 23:09:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5472 octets] ##########
-------------------------------------------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Microsoft Windows XP x86
Ran by douglas wenz on Wed 10/09/2013 at 23:13:13.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 10/09/2013 at 23:25:52.71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
------------------------------------------------------------------------
Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/10/2013 11:37:31 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------
Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/10/2013 11:38:23 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/10/2013 11:31:47 PM
Type: warning Category: 1
Event: 32068 Source: Microsoft Fax
The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: '*' Area code: '*'
Log: 'Application' Date/Time: 09/10/2013 11:31:47 PM
Type: warning Category: 1
Event: 32026 Source: Microsoft Fax
Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.
----------------------------------------------------------------------
OTL logfile created on: 10/9/2013 11:47:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\douglas wenz\Desktop\Jared G Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1021.98 Mb Total Physical Memory | 572.74 Mb Available Physical Memory | 56.04% Memory free
1.91 Gb Paging File | 1.55 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): C:\pagefile.sys 1024 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.04 Gb Total Space | 14.82 Gb Free Space | 43.55% Space Free | Partition Type: NTFS
Drive E: | 793.75 Mb Total Space | 766.78 Mb Free Space | 96.60% Space Free | Partition Type: FAT
Computer Name: DDNNH981 | User Name: douglas wenz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2013/10/04 19:38:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\douglas wenz\Desktop\Jared G Tools\OTL.exe
PRC - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/01 13:30:26 | 000,094,208 | ---- | M] () -- C:\Program Files\QUICKENW\qagent.exe
PRC - [2001/02/28 11:42:44 | 000,065,536 | ---- | M] (Marimba Inc.) -- C:\WINDOWS\system32\mrtMngr.exe
========== Modules (No Company Name) ========== MOD - [2001/08/01 13:30:26 | 000,094,208 | ---- | M] () -- C:\Program Files\QUICKENW\qagent.exe
========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/20 09:21:44 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/20 18:05:14 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DOUGLA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\BootDefragDriver.sys -- (BootDefragDriver)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/01/31 12:08:54 | 000,028,005 | R--- | M] (Efficient Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\enethusb.sys -- (ENETHUSB)
DRV - [2001/02/28 11:42:44 | 000,034,712 | ---- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...ms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.foxnews.com/IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" =
http://www.bing.com/...Box&FORM=IE8SRCIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/05/24 10:41:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\
[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/05/24 10:41:30 | 000,000,000 | ---D | M]
========== Chrome ========== CHR - Extension: No name found = C:\Documents and Settings\douglas wenz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Documents and Settings\douglas wenz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Documents and Settings\douglas wenz\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/10/09 19:43:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [QAGENT] C:\Program Files\QUICKENW\qagent.exe ()
O4 - Startup: C:\Documents and Settings\douglas wenz\Start Menu\Programs\Startup\RentRight Reminder System.lnk = C:\RentVer3\reminder.exe (RentRight)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O15 - HKCU\..Trusted Domains: alltel.com ([care] http in Trusted sites)
O15 - HKCU\..Trusted Domains: alltel.com ([care] https in Trusted sites)
O15 - HKCU\..Trusted Domains: hrblock.com ([taxes] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499}
https://activation.a...aller_2-0-0.cab (Reg Error: Value error.)
O16 - DPF: {4EC99A0B-E57C-4FBE-B9C4-8428424FBF88}
https://care.alltel....aller_3-0-0.cab (McciUtilsSpecialFolder Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}
http://by109fd.bay10...es/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {528BF874-2681-4CE3-8C62-AA0D3BC0A719}
https://care.alltel....aller_3-0-0.cab (McciSysSCM Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FD68625-2346-418A-8899-67CB36B1917F}
https://care.alltel....aller_3-0-0.cab (McciSM Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB3B91F7-1070-4BFD-AA42-6C523B9162B9}
https://care.alltel....aller_3-0-0.cab (McciHTTPClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306}
https://care.alltel....aller_3-0-0.cab (SecurityManager Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
https://tdameritrade...nbr/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5922D2B-C2AE-4214-B494-E1A6D222D00A}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\douglas wenz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\douglas wenz\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (BootDefrag.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpReg:
Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg:
MaxMenuMgr - hkey= - key= - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
MsConfig - StartUpReg:
MSC - hkey= - key= - c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
MsConfig - StartUpReg:
QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: 25169304.sys - Driver
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: 25169304.sys - Driver
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0} - Microsoft .NET Framework 1.1 Security Update (KB2833941)
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2013/10/09 23:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/10/09 23:07:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/09 19:59:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/09 19:59:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/10/09 19:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/10/09 19:50:38 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/10/09 19:18:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/10/09 18:54:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/04 19:02:39 | 000,101,664 | ---- | C] (Glarysoft Ltd) -- C:\WINDOWS\System32\BootDefrag.exe
[2013/10/04 19:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\douglas wenz\Application Data\GlarySoft
[2013/10/04 19:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 3
[2013/10/04 19:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\Glary Utilities 3
[2013/10/04 18:53:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/10/04 18:53:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/10/04 18:53:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/10/04 18:53:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/10/04 18:50:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/10/04 18:50:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\douglas wenz\Start Menu\Programs\Administrative Tools
[2013/10/04 18:49:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/10/04 18:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\douglas wenz\Desktop\Jared G Tools
[2013/10/01 08:30:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2013/09/23 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2013/09/23 15:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Live Writer
[2013/09/18 08:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\douglas wenz\Application Data\Apple Computer
[2013/09/18 07:29:18 | 000,023,360 | ---- | C] (IObit) -- C:\WINDOWS\System32\RegistryDefragBootTime.exe
[2013/09/18 07:06:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/18 07:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\douglas wenz\Application Data\IObit
[2013/09/18 06:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/09/18 06:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/09/18 06:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2013/09/17 16:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/17 06:30:22 | 000,000,000 | ---D | C] -- C:\found.001
[2013/09/13 13:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/09/13 13:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2013/10/09 23:41:38 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/10/09 23:31:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/10/09 23:31:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/09 23:31:29 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/09 20:40:02 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/10/09 19:43:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/10/09 19:18:41 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/10/09 18:57:47 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/10/09 14:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/10/09 10:22:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/10/09 10:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/10/08 17:35:35 | 000,000,978 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/10/04 19:02:41 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\douglas wenz\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/10/04 19:02:41 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Glary Utilities 3.lnk
[2013/10/02 10:51:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/24 15:12:58 | 000,333,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/20 09:21:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 09:21:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/18 08:06:03 | 000,000,000 | ---- | M] () -- C:\asc_rdflag
[2013/09/18 08:05:02 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/09/13 03:32:30 | 000,101,664 | ---- | M] (Glarysoft Ltd) -- C:\WINDOWS\System32\BootDefrag.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ========== [2013/10/09 19:18:41 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/10/09 19:18:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/10/04 19:02:41 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\douglas wenz\Application Data\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 3.lnk
[2013/10/04 19:02:41 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Glary Utilities 3.lnk
[2013/10/04 19:02:33 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Glary Utilities 3.lnk
[2013/10/04 18:53:53 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/10/04 18:53:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/10/04 18:53:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/10/04 18:53:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/10/04 18:53:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/20 14:54:29 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\WBPU-TTL.DAT
[2013/09/20 14:54:26 | 000,000,088 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\WB.CFG
[2013/09/18 12:46:24 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/18 08:06:03 | 000,000,000 | ---- | C] () -- C:\asc_rdflag
[2013/09/18 08:03:32 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/09/13 10:45:42 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2013/07/29 14:53:04 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/06/27 14:53:10 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/06/26 14:53:06 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\douglas wenz\Application Data\WBPU-TTL.DAT
[2013/06/10 10:18:28 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/02/16 15:16:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2006/09/06 16:59:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\douglas wenz\Application Data\PFP120JPR.{PB
[2006/09/06 16:59:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\douglas wenz\Application Data\PFP120JCM.{PB
========== ZeroAccess Check ========== [2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ========== ========== Drive Information ========== Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG SP0401N
Partitions: 3
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 - Removable media other than\tfloppy
Interface type: USB
Media Type: Removable media other than\tfloppy
Model: Kingston DT 101 G2 USB Device
Partitions: 1
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 39.00MB
Starting Offset: 32256
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 34.00GB
Starting Offset: 41126400
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 3.00GB
Starting Offset: 36586045440
Hidden sectors: 0
DeviceID: Disk #1, Partition #0
PartitionType: MS-DOS V4 Huge
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 794.00MB
Starting Offset: 32768
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe > < %systemroot%\assembly\GAC_32\*.ini > < %systemroot%\assembly\GAC_64\*.ini > < %SYSTEMDRIVE%\*.exe > < %ALLUSERSPROFILE%\Application Data\*.exe > < %APPDATA%\*. >[2011/10/28 10:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Adobe
[2008/09/06 17:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\AdobeUM
[2013/09/18 08:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Apple Computer
[2009/03/23 17:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2006/09/06 16:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Corel
[2008/09/26 10:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2013/10/04 19:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\GlarySoft
[2006/12/14 18:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Google
[2005/08/25 02:37:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Gtek
[2006/01/04 09:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Help
[2010/05/24 10:43:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\HP
[2013/10/09 23:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\HPAppData
[2013/06/19 08:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\HpUpdate
[2004/08/10 13:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Identities
[2013/09/18 07:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\IObit
[2005/08/25 02:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Jasc Software Inc
[2012/12/26 11:50:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Landlord
[2010/11/02 14:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Leadertech
[2005/09/16 10:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Macromedia
[2011/03/08 14:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Malwarebytes
[2011/12/27 13:46:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\douglas wenz\Application Data\Microsoft
[2005/10/14 16:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Motive
[2011/03/11 18:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\OpenOffice.org
[2013/06/25 14:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\PDF Writer Packages
[2005/08/25 02:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Sun
[2010/02/19 12:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\Symantec
[2011/03/11 17:54:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\douglas wenz\Application Data\U3
[2013/09/24 15:50:14 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\douglas wenz\Application Data\yahoo!
< MD5 for: ATAPI.SYS >[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/06 16:41:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/06 16:41:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
< MD5 for: CSRSS.EXE >[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008/04/13 19:12:15 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=44F275C64738EA2056E3D9580C23B60F -- C:\WINDOWS\system32\csrss.exe
[2004/08/04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\i386\csrss.exe
[2004/08/04 05:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=F12B178B1678D778CFD3FF1FC38C71FB -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
< MD5 for: EXPLORER.EXE >[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
< MD5 for: MSWSOCK.DLL >[2008/06/20 12:41:10 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=097722F235A1FB698BF9234E01B52637 -- C:\WINDOWS\$NtServicePackUninstall$\mswsock.dll
[2008/06/20 12:36:11 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=1DFCA7713EA5A70D5D93B436AEA0317A -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\i386\mswsock.dll
[2004/08/04 05:00:00 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=4E74AF063C3271FBEA20DD940CFD1184 -- C:\WINDOWS\$NtUninstallKB951748_0$\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[2008/06/20 12:46:57 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=832E4DD8964AB7ACC880B2837CB1ED20 -- C:\WINDOWS\$NtUninstallKB2509553$\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\erdnt\cache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\dllcache\mswsock.dll
[2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=943337D786A56729263071623BBB9DE5 -- C:\WINDOWS\system32\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\$NtUninstallKB951748$\mswsock.dll
[2008/04/13 19:12:01 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=B4138E99236F0F57D4CF49BAE98A0746 -- C:\WINDOWS\ServicePackFiles\i386\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[2008/06/20 12:43:05 | 000,245,248 | ---- | M] (Microsoft Corporation) MD5=FCEE5FCB99F7C724593365C706D28388 -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
< MD5 for: NWPROVAU.DLL >[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\ServicePackFiles\i386\nwprovau.dll
[2008/04/13 19:12:02 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=06E587F41466569F32BEAAC7260E8AEC -- C:\WINDOWS\system32\nwprovau.dll
[2006/10/13 07:41:38 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=808CB47D7F6BE51B0354CD628CF45978 -- C:\WINDOWS\$hf_mig$\KB923980\SP2QFE\nwprovau.dll
[2006/10/13 07:35:12 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=AEEB687B865E1BAB04BB9C3604F92CEF -- C:\WINDOWS\$NtServicePackUninstall$\nwprovau.dll
[2004/08/04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\i386\nwprovau.dll
[2004/08/04 05:00:00 | 000,144,384 | ---- | M] (Microsoft Corporation) MD5=F01D97A8E0380BA52F58249A7B3BD7F1 -- C:\WINDOWS\$NtUninstallKB923980$\nwprovau.dll
< MD5 for: PNRPNSP.DLL >[2004/08/04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\i386\pnrpnsp.dll
[2004/08/04 05:00:00 | 000,048,640 | ---- | M] (Microsoft Corporation) MD5=74D3620D2E63489975E3956A40DDD35F -- C:\WINDOWS\$NtServicePackUninstall$\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\ServicePackFiles\i386\pnrpnsp.dll
[2008/04/13 19:12:02 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=AF1449AC1D79D37C7026C1D8912DDA8E -- C:\WINDOWS\system32\pnrpnsp.dll
< MD5 for: SERVICES.EXE >[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\erdnt\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
< MD5 for: SVCHOST.EXE >[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\erdnt\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WINRNR.DLL >[2004/08/04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\i386\winrnr.dll
[2004/08/04 05:00:00 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=2C8FDB176F22629EA5342DB474FAC391 -- C:\WINDOWS\$NtServicePackUninstall$\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\ServicePackFiles\i386\winrnr.dll
[2008/04/13 19:12:09 | 000,016,896 | ---- | M] (Microsoft Corporation) MD5=D72B9EC3337B247A666F098F3D6B43DE -- C:\WINDOWS\system32\winrnr.dll
< %systemroot%\*. /mp /s > < hklm\software\clients\startmenuinternet|command /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2013/08/08 05:32:54 | 000,174,592 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles >< End of report >
-----------------------------------------------------------------------
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 95.31 0 K 16 K 0
procexp.exe 3.13 17,448 K 24,656 K 2616 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Interrupts 1.56 0 K 0 K n/a Hardware Interrupts and DPCs
wmiprvse.exe 1,844 K 5,036 K 2836 WMI Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 6,300 K 3,880 K 712 Windows NT Logon Application Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
System 0 K 212 K 4
svchost.exe 2,568 K 4,456 K 652 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,932 K 4,592 K 1000 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3,136 K 5,132 K 924 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 14,948 K 26,580 K 1132 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,436 K 3,728 K 1204 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,536 K 3,968 K 1304 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 2,656 K 4,656 K 1484 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 5,432 K 7,480 K 2032 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,724 K 5,536 K 944 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,120 K 3,084 K 384 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
svchost.exe 1,120 K 3,068 K 468 Generic Host Process for Win32 Services Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
spoolsv.exe 4,580 K 7,208 K 1520 Spooler SubSystem App Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
smss.exe 168 K 416 K 616 Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smax4pnp.exe 2,688 K 4,780 K 1936 SMax4PNP MFC Application Analog Devices, Inc. (No signature was present in the subject) Analog Devices, Inc.
services.exe 1,924 K 4,224 K 756 Services and Controller app Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
qagent.exe 1,764 K 4,888 K 2000 Agent Module (No signature was present in the subject)
ntvdm.exe 2,256 K 1,112 K 300 NTVDM.EXE Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
notepad.exe 1,156 K 3,600 K 3848 Notepad Microsoft Corporation (Verified) Microsoft Windows Component Publisher
MsMpEng.exe 53,016 K 31,204 K 1092 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
mrtMngr.exe 1,004 K 3,368 K 460 Rate Sensing Manager Marimba Inc. (No signature was present in the subject) Marimba Inc.
mbamservice.exe 129,196 K 126,048 K 1712 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 3,332 K 5,804 K 1084 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamgui.exe 3,656 K 6,712 K 2896 Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsass.exe 3,896 K 1,280 K 768 LSA Shell (Export Version) Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
jusched.exe 904 K 3,000 K 2016 Java Update Scheduler Sun Microsystems, Inc. (Verified) Sun Microsystems
jqs.exe 2,308 K 1,400 K 988 Java Quick Starter Service Sun Microsystems, Inc. (Verified) Sun Microsystems
issch.exe 448 K 1,440 K 1952 InstallShield Update Service Scheduler InstallShield Software Corporation (No signature was present in the subject) InstallShield Software Corporation
igfxpers.exe 788 K 3,036 K 1976 persistence Module Intel Corporation (No signature was present in the subject) Intel Corporation
hpwuschd2.exe 708 K 2,452 K 2008 hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
hkcmd.exe 812 K 3,044 K 1968 hkcmd Module Intel Corporation (No signature was present in the subject) Intel Corporation
GoogleUpdate.exe 3,672 K 1,812 K 956 Google Installer Google Inc. (Verified) Google Inc
FreeAgentService.exe 4,112 K 4,812 K 360 Sync Windows Services Seagate Technology LLC (Verified) Seagate Technology
explorer.exe 20,124 K 28,436 K 1848 Windows Explorer Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
ctfmon.exe 1,040 K 3,912 K 204 CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 1,884 K 4,568 K 688 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
alg.exe 1,256 K 3,720 K 2656 Application Layer Gateway Service Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
------------------------------------------------------------------
Let me know if you need anything else. I should be able to respond promptly over the next few days.
Thanks for your help Ron!!