Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91703 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Redirect Virus/Malware

Suspicious.Cloud.7.L Backdoor.Trojan

  • Please log in to reply
9 replies to this topic

#1 mattpa2017

mattpa2017

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 29 January 2014 - 11:30 AM

Hello, recently after being duped into opening an email regarding a death, my personal laptop was infected with a virus.  Although Norton quarantined it immediately "Backdoor.Trojan" and "Suspicious.Cloud.7.L" I have been constantly getting redirects from searches, mainly while using Google Chrome.  I ran a multitude of Malware removal software and cleaned the results, however the problem persists.
 
Thank you for your time and assistance, here are the logs you have requested.
 
OTL logfile created on: 1/29/2014 12:03:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pat\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.94 Gb Total Physical Memory | 5.21 Gb Available Physical Memory | 65.64% Memory free
15.87 Gb Paging File | 12.74 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 14.03 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
 
Computer Name: PATREEDCPA-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/29 11:42:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pat\Downloads\OTL.exe
PRC - [2014/01/23 00:57:02 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/16 13:05:16 | 001,182,536 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2014/01/16 13:03:56 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
PRC - [2014/01/16 12:15:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/07 05:50:30 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/08 08:48:08 | 001,182,024 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
PRC - [2013/05/08 02:17:22 | 000,642,664 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2013/03/31 14:08:12 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/12/22 23:52:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/02/08 16:26:43 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/01/10 10:56:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
PRC - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/30 08:40:20 | 000,113,296 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/30 04:01:00 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 04:01:00 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/01/23 00:57:00 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppgooglenaclpluginchrome.dll
MOD - [2014/01/23 00:56:56 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
MOD - [2014/01/23 00:56:02 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
MOD - [2014/01/23 00:56:01 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
MOD - [2014/01/23 00:55:58 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
MOD - [2014/01/16 13:05:06 | 000,113,480 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\Webification.DLL
MOD - [2014/01/16 13:05:02 | 000,471,880 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\SyncManagerUtils.dll
MOD - [2014/01/16 13:04:54 | 000,125,256 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\ReportBridge.DLL
MOD - [2014/01/16 13:04:44 | 000,141,640 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
MOD - [2014/01/16 13:04:40 | 000,021,832 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.DLL
MOD - [2014/01/16 13:04:38 | 000,072,520 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QB2WPFBridge.dll
MOD - [2014/01/16 13:04:28 | 000,042,824 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
MOD - [2014/01/16 13:04:24 | 000,096,072 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetInterop.dll
MOD - [2014/01/16 13:04:24 | 000,085,832 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\IPDWidgetBridge.DLL
MOD - [2014/01/16 13:04:22 | 000,058,184 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\htmlhelper.dll
MOD - [2014/01/16 13:04:18 | 000,570,696 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.DLL
MOD - [2014/01/16 13:04:18 | 000,415,560 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
MOD - [2014/01/16 13:04:06 | 000,176,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2014/01/16 13:04:04 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
MOD - [2014/01/16 13:04:02 | 000,529,224 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
MOD - [2014/01/16 10:04:46 | 000,128,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.DLL
MOD - [2013/11/08 08:49:12 | 000,110,920 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\Webification.DLL
MOD - [2013/11/08 08:49:02 | 000,121,672 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\ReportBridge.DLL
MOD - [2013/11/08 08:48:46 | 000,138,568 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll
MOD - [2013/11/08 08:48:44 | 000,021,320 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.DLL
MOD - [2013/11/08 08:48:40 | 000,070,472 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QB2WPFBridge.dll
MOD - [2013/11/08 08:48:32 | 000,042,824 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll
MOD - [2013/11/08 08:48:24 | 000,400,200 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\FeaturesBridge.DLL
MOD - [2013/11/08 08:48:14 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
MOD - [2013/11/08 08:48:14 | 000,176,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2013/11/08 08:48:12 | 000,380,744 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll
MOD - [2013/10/09 06:54:33 | 001,079,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\51ffeacb880d9c15fecc1c74f83e8973\System.IdentityModel.ni.dll
MOD - [2013/10/09 06:54:32 | 018,109,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\60608b811724b2711cb96817043c4dd8\System.ServiceModel.ni.dll
MOD - [2013/10/09 06:54:14 | 013,347,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\acff59954013a05e79afd759bd8987bf\System.Data.Entity.ni.dll
MOD - [2013/10/09 06:53:09 | 001,189,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\7c784d0b8d6c24a12fdeac753d242b53\System.Data.OracleClient.ni.dll
MOD - [2013/10/09 06:53:06 | 012,177,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\d359d3a18707ee1c64074240cc73a1bf\System.Web.ni.dll
MOD - [2013/10/09 06:53:00 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\10ef07233e429503b5bc942aa6194fe8\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/10/09 06:52:59 | 002,659,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\10519c5a16fab95707f40b55941647b5\System.Runtime.Serialization.ni.dll
MOD - [2013/10/09 06:52:57 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\f58dc6b661c4fb91c68945da9b701135\System.Xml.Linq.ni.dll
MOD - [2013/10/09 05:15:12 | 018,003,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll
MOD - [2013/10/09 05:14:53 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll
MOD - [2013/10/09 05:14:49 | 006,817,280 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\de9e77138e17f0188104c9ec32d375da\System.Data.ni.dll
MOD - [2013/10/09 05:14:42 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll
MOD - [2013/10/09 05:14:37 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll
MOD - [2013/10/09 05:14:33 | 001,014,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll
MOD - [2013/10/09 05:14:33 | 000,751,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\d38fa9699dd602db6b0a1a83ffe8dbea\System.Security.ni.dll
MOD - [2013/08/14 14:27:14 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\4b2e892995b8cdefb1e2cddb96f32736\UIAutomationProvider.ni.dll
MOD - [2013/08/14 14:27:02 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.ni.dll
MOD - [2013/08/14 14:27:02 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll
MOD - [2013/08/14 14:27:02 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\bfa9e814cb8b662508aa93ae387b434f\System.EnterpriseServices.Wrapper.dll
MOD - [2013/08/14 14:27:00 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\af7d7a2e47e0ac57b4f0fe5e0c1cda9a\SMDiagnostics.ni.dll
MOD - [2013/08/14 14:26:28 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll
MOD - [2013/08/14 09:26:00 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll
MOD - [2013/08/14 09:25:57 | 000,309,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9d160913e64d7732a8c725fc7f2d818b\PresentationFramework.Classic.ni.dll
MOD - [2013/08/14 09:25:56 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll
MOD - [2013/08/14 09:25:55 | 000,755,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll
MOD - [2013/08/14 09:25:54 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll
MOD - [2013/07/11 14:04:47 | 000,145,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\cfbc74c91b44af85d10b272ae5c70d5a\System.Numerics.ni.dll
MOD - [2013/07/11 14:04:46 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2012/12/22 23:53:04 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
MOD - [2012/01/10 10:56:16 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/11/11 05:08:32 | 000,126,520 | R--- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/03/01 23:56:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/04/23 17:55:56 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/01/13 07:38:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/12/29 14:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/02 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
SRV - [2014/01/23 07:49:59 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/16 12:15:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/09 11:51:56 | 000,585,728 | ---- | M] (Research In Motion Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe -- (BlackBerry Device Manager)
SRV - [2013/03/31 14:08:12 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/12/22 23:52:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe -- (QuickBooksDB23)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe -- (MCLIENT)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2012/02/08 16:26:43 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/10 10:56:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/11/07 14:37:20 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2010/11/20 22:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/04/13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010/01/13 07:38:52 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe -- (STacSV)
SRV - [2009/09/30 04:01:00 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 04:01:00 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/24 10:57:04 | 000,136,704 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/02 10:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/28 13:02:03 | 000,032,512 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/06/27 10:35:46 | 000,079,872 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2012/10/03 20:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2012/07/10 06:19:06 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/23 21:23:20 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011/08/16 01:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/08/01 15:59:06 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 00:44:06 | 007,766,528 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/01 23:20:46 | 000,278,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 07:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/05/27 15:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/13 09:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/24 11:10:18 | 000,181,248 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/02/24 11:10:16 | 000,078,336 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/01/13 07:38:52 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/01/11 14:31:00 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/07 10:22:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/01/07 10:22:40 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/01/07 10:22:36 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/01/07 10:22:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/27 17:45:06 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/09/16 20:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/01/22 11:20:52 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20140128.019\ex64.sys -- (NAVEX15)
DRV - [2014/01/22 11:20:52 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20140128.019\eng64.sys -- (NAVENG)
DRV - [2014/01/18 18:26:00 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20140128.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20140121.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/21 05:52:09 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/21 05:52:09 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Pat\AppData\Local\Spoon\3.32.4.17\npMozillaSpoonPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFF [2013/10/09 10:26:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2014/01/29 05:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quickprint@hp.com: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 14:27:28 | 000,000,000 | ---D | M]
 
[2012/12/21 05:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: WinZip Courier = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk\4.0.0.0_0\
CHR - Extension: Star Gazer = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme\1.1_0\
CHR - Extension: Norton Identity Protection = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.18.4_0\
CHR - Extension: Google Wallet = C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll (WinZip Computing, S.L.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (MTB Protector) - {A506AB80-0F02-4D47-A3FA-576D33F026F9} - C:\Windows\Downloaded Program Files\MandT.ocx ()
O2 - BHO: (WinZip Courier BHO) - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll (WinZip Computing, S.L.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D0659405-AD2E-4195-B67E-8B3AC42D763E} https://qbo.intuit.c...147/qboax11.cab (QuickBooks Online Edition Utilities Class v11)
O16 - DPF: {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...40/qboimax9.cab (QuickBooks Online Edition Import Utilities Class v9)
O16 - DPF: {FD66A9C1-684A-4A3A-8D39-4709B1FD7D7C} https://webinfoplus....erius/MandT.cab (ActiveFormMandT Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA52A262-71FE-4878-9588-3B22D0C0CAFC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb6 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb6 {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{027eec60-6480-11e2-96e9-ebaf61730a5a}\Shell - "" = AutoRun
O33 - MountPoints2\{027eec60-6480-11e2-96e9-ebaf61730a5a}\Shell\AutoRun\command - "" = D:\DTLplus_Launcher.exe
O33 - MountPoints2\{8a820c10-5f26-11e1-8917-b87a34ecf52d}\Shell - "" = AutoRun
O33 - MountPoints2\{8a820c10-5f26-11e1-8917-b87a34ecf52d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{b52d11a6-64a0-11e1-8aa5-b8f393578152}\Shell - "" = AutoRun
O33 - MountPoints2\{b52d11a6-64a0-11e1-8aa5-b8f393578152}\Shell\AutoRun\command - "" = G:\FIBPGuard.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/28 13:14:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/28 13:09:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/28 12:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/01/28 12:15:07 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\RK_Quarantine
[2014/01/26 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolters Kluwer CCH eBooks
[2014/01/26 16:21:21 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Wolters Kluwer CCH eBooks
[2014/01/26 15:17:08 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\NPE
[2014/01/24 14:18:04 | 000,000,000 | ---D | C] -- C:\Users\Pat\AppData\Local\Amnworks
[2014/01/20 13:17:58 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\Naples 2013 Updated
[2014/01/19 08:27:42 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2014/01/16 05:58:31 | 000,000,000 | R--D | C] -- C:\Users\Pat\Desktop\2014 CPE
[2014/01/16 05:55:07 | 000,000,000 | ---D | C] -- C:\Users\Pat\Desktop\Fazakerley Files to be Sorted
[2014/01/15 02:34:32 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2014/01/15 02:34:31 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2014/01/15 02:34:31 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/29 11:55:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/29 11:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/29 11:18:58 | 000,002,300 | ---- | M] () -- C:\Users\Pat\Desktop\Google Chrome.lnk
[2014/01/29 05:55:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/29 05:30:12 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/29 05:30:12 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/29 05:27:20 | 003,821,260 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/29 05:27:20 | 001,223,096 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/29 05:27:20 | 000,006,394 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/29 05:23:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/29 05:22:56 | 2095,464,447 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/28 13:02:03 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/01/28 12:59:40 | 000,004,148 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/01/26 16:21:23 | 000,002,536 | ---- | M] () -- C:\Users\Pat\Desktop\Start CCH eBooks.lnk
[2014/01/26 08:51:16 | 000,171,371 | ---- | M] () -- C:\Users\Pat\Desktop\https___secure.ssa.gov_apps12z_W2Online_download.do_idstr=_ussplex_data_appsprd_EWR_W2Online_SS648FL426085040.pdf
[2014/01/24 14:20:01 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI
[2014/01/23 07:50:41 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2014/01/23 07:49:58 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/01/23 07:49:58 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/21 05:44:21 | 000,044,275 | ---- | M] () -- C:\Users\Pat\Desktop\Capri Due TB Categories.pdf
[2014/01/15 03:17:45 | 000,460,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/14 08:41:43 | 000,086,274 | ---- | M] () -- C:\Users\Pat\Desktop\NAS Roermond July 31 03 12 2013.pdf
 
========== Files Created - No Company Name ==========
 
[2014/01/28 13:02:02 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2014/01/28 12:59:40 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/01/26 16:21:23 | 000,002,536 | ---- | C] () -- C:\Users\Pat\Desktop\Start CCH eBooks.lnk
[2014/01/26 14:08:09 | 000,171,371 | ---- | C] () -- C:\Users\Pat\Desktop\https___secure.ssa.gov_apps12z_W2Online_download.do_idstr=_ussplex_data_appsprd_EWR_W2Online_SS648FL426085040.pdf
[2014/01/24 14:20:01 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2014/01/21 05:44:21 | 000,044,275 | ---- | C] () -- C:\Users\Pat\Desktop\Capri Due TB Categories.pdf
[2014/01/14 08:41:43 | 000,086,274 | ---- | C] () -- C:\Users\Pat\Desktop\NAS Roermond July 31 03 12 2013.pdf
[2013/11/27 06:41:07 | 000,436,512 | ---- | C] () -- C:\Windows\SysWow64\hpcc3145.dll
[2013/01/18 14:42:17 | 000,024,772 | ---- | C] () -- C:\ProgramData\P1100DEF.css
[2013/01/18 14:42:17 | 000,004,376 | R--- | C] () -- C:\ProgramData\P1100OS.HTM
[2013/01/18 14:42:17 | 000,002,944 | ---- | C] () -- C:\ProgramData\P1100SIG.GIF
[2012/11/28 11:33:26 | 000,000,000 | ---- | C] () -- C:\Users\Pat\AppData\Roaming\bibstats
[2012/10/06 14:06:20 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012/10/06 14:06:19 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012/10/06 13:25:56 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012/10/06 13:25:56 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012/10/06 13:25:56 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012/10/06 13:25:56 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012/10/06 13:25:56 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012/10/06 13:25:56 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012/10/06 13:25:55 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012/10/06 13:25:55 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012/10/06 13:25:55 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012/10/06 13:25:55 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012/10/06 13:25:55 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012/10/06 13:25:55 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012/10/06 13:25:55 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012/10/06 13:25:55 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012/10/06 13:25:55 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012/10/06 13:25:55 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012/10/06 13:06:16 | 000,000,044 | ---- | C] () -- C:\Windows\WFP GTS5080.ini
[2012/08/11 06:20:52 | 000,000,124 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/05/09 08:39:53 | 000,008,192 | ---- | C] () -- C:\Users\Pat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/03 08:02:16 | 000,777,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/08 16:12:11 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/02/08 02:41:10 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2012/02/08 02:23:40 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.ADML  >
[2011/04/12 03:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
[2011/04/12 03:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml
 
< MD5 for: EXPLORER.ADMX  >
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
[2009/06/10 15:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 22:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 22:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: EXPLORER.EXE.MUI  >
[2011/04/12 03:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
[2011/04/12 03:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
[2011/04/12 03:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
[2011/04/12 03:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui
 
< MD5 for: IEXPLORE.BAT  >
[2013/10/15 17:05:47 | 000,031,414 | ---- | M] () MD5=75C9C20DD9839BF287B43B0E179822DC -- C:\Users\Pat\AppData\Local\Temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2013/11/26 05:34:28 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Program Files\Internet Explorer\iexplore.exe
[2013/11/26 05:34:28 | 000,804,560 | ---- | M] (Microsoft Corporation) MD5=0685765C0CBE095BA0C6C8790BAE21EF -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2010/11/20 22:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010/11/20 22:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2013/11/26 05:34:28 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2013/11/26 05:34:28 | 000,806,096 | ---- | M] (Microsoft Corporation) MD5=C8A8321292A459B0A17FB39A782A5C74 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.2344.DMP  >
[2014/01/26 08:19:44 | 002,467,787 | ---- | M] () MD5=683305D082A7ADAF46D43F30EC882F4C -- C:\ProgramData\Norton\LocalDumps\iexplore.exe.2344.dmp
[2014/01/26 08:19:44 | 002,467,787 | ---- | M] () MD5=683305D082A7ADAF46D43F30EC882F4C -- C:\Users\All Users\Norton\LocalDumps\iexplore.exe.2344.dmp
 
< MD5 for: IEXPLORE.EXE.9040.DMP  >
[2014/01/26 08:17:28 | 009,048,905 | ---- | M] () MD5=07459ECEC198DD2962786D5AB4581499 -- C:\ProgramData\Norton\LocalDumps\iexplore.exe.9040.dmp
[2014/01/26 08:17:28 | 009,048,905 | ---- | M] () MD5=07459ECEC198DD2962786D5AB4581499 -- C:\Users\All Users\Norton\LocalDumps\iexplore.exe.9040.dmp
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2013/11/26 05:34:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/26 05:34:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2013/11/26 05:34:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_74ba04defa813a61\iexplore.exe.mui
[2013/11/26 05:34:28 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=0B33787AB6EE3BB5FDB0C7C52E4E06A6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_11.2.9600.16428_en-us_7f0eaf312ee1fc5c\iexplore.exe.mui
[2009/07/13 21:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
[2009/07/13 21:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2009/06/10 16:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.CFG  >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/12/21 01:04:16 | 000,559,392 | ---- | M] () MD5=F9FBA73F44366AB3514BD1985707F178 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg
 
< MD5 for: SERVICES.CSS  >
[2012/01/10 10:48:08 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2012\Components\Services\services.css
[2012/12/22 23:42:20 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files (x86)\Intuit\QuickBooks 2013\Components\Services\services.css
 
< MD5 for: SERVICES.DAT  >
[2014/01/01 04:20:33 | 000,004,134 | ---- | M] () MD5=C9B4F36E8BE111CCBC44A2A8FD32C5EC -- C:\Users\Pat\AppData\Local\Temp\jrt\services.dat
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2011/04/12 03:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.HEARSTMAGS[1].XML  >
[2013/05/14 08:31:49 | 000,000,114 | ---- | M] () MD5=5A7A383153E4638C60CF72538EEB4497 -- C:\Users\Pat\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\EAZZRMDC\services.hearstmags[1].xml
 
< MD5 for: SERVICES.LNK  >
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 23:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 15:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2011/04/12 03:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 15:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2011/04/12 03:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 16:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 15:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: WINLOGON.ADML  >
[2011/04/12 03:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
[2011/04/12 03:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml
 
< MD5 for: WINLOGON.ADMX  >
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
[2009/06/10 16:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 22:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2011/04/12 03:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
[2011/04/12 03:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui
 
< MD5 for: WINLOGON.MFL  >
[2011/04/12 03:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
[2011/04/12 03:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl
 
< MD5 for: WINLOGON.MOF  >
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
[2009/07/13 15:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2012/06/05 17:12:17 | 000,001,424 | ---- | M] () -- C:\0
[2012/06/06 02:38:17 | 000,000,010 | ---- | M] () -- C:\0.bak
[2012/12/29 10:23:22 | 000,005,521 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/12/29 10:24:13 | 000,005,253 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2014/01/29 05:22:56 | 2095,464,447 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2014/01/29 05:22:58 | 4225,609,727 | -HS- | M] () -- C:\pagefile.sys
[2013/07/27 11:18:11 | 000,725,028 | ---- | M] () -- C:\sysfile.log
[2014/01/28 12:10:53 | 000,148,416 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_28.01.2014_12.10.16_log.txt
[2014/01/28 12:11:39 | 000,216,102 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_28.01.2014_12.10.56_log.txt
[2014/01/28 12:13:29 | 000,216,116 | ---- | M] () -- C:\TDSSKiller.3.0.0.19_28.01.2014_12.12.42_log.txt
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
 
< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
[2012/12/14 15:26:44 | 000,001,638 | -HS- | M] () -- C:\Users\Pat\AppData\Roaming\Microsoft\LastFlashConfig.wfc
 
< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C has no label.
 Volume Serial Number is F441-BDC7
 Directory of C:\
07/14/2009  12:08 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
07/14/2009  12:08 AM    <SYMLINKD>     All Users [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\ProgramData]
07/14/2009  12:08 AM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
07/14/2009  12:08 AM    <JUNCTION>     Documents [C:\Users\Public\Documents]
07/14/2009  12:08 AM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009  12:08 AM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009  12:08 AM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
07/14/2009  12:08 AM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009  12:08 AM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009  12:08 AM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009  12:08 AM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009  12:08 AM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
07/14/2009  12:08 AM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
07/14/2009  12:08 AM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009  12:08 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Default\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Pat
02/08/2012  12:48 AM    <JUNCTION>     Application Data [C:\Users\Pat\AppData\Roaming]
02/08/2012  12:48 AM    <JUNCTION>     Cookies [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Cookies]
02/08/2012  12:48 AM    <JUNCTION>     Local Settings [C:\Users\Pat\AppData\Local]
02/08/2012  12:48 AM    <JUNCTION>     My Documents [C:\Users\Pat\Documents]
02/08/2012  12:48 AM    <JUNCTION>     NetHood [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/08/2012  12:48 AM    <JUNCTION>     PrintHood [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/08/2012  12:48 AM    <JUNCTION>     Recent [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Recent]
02/08/2012  12:48 AM    <JUNCTION>     SendTo [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\SendTo]
02/08/2012  12:48 AM    <JUNCTION>     Start Menu [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu]
02/08/2012  12:48 AM    <JUNCTION>     Templates [C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Pat\AppData\Local
02/08/2012  12:48 AM    <JUNCTION>     Application Data [C:\Users\Pat\AppData\Local]
02/08/2012  12:48 AM    <JUNCTION>     History [C:\Users\Pat\AppData\Local\Microsoft\Windows\History]
02/08/2012  12:48 AM    <JUNCTION>     Temporary Internet Files [C:\Users\Pat\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Pat\Documents
02/08/2012  12:48 AM    <JUNCTION>     My Music [C:\Users\Pat\Music]
02/08/2012  12:48 AM    <JUNCTION>     My Pictures [C:\Users\Pat\Pictures]
02/08/2012  12:48 AM    <JUNCTION>     My Videos [C:\Users\Pat\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Public\Documents
07/14/2009  12:08 AM    <JUNCTION>     My Music [C:\Users\Public\Music]
07/14/2009  12:08 AM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
07/14/2009  12:08 AM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\QBDataServiceUser20
09/05/2012  08:25 AM    <JUNCTION>     Application Data [C:\Users\QBDataServiceUser20\AppData\Roaming]
09/05/2012  08:25 AM    <JUNCTION>     Cookies [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Cookies]
09/05/2012  08:25 AM    <JUNCTION>     Local Settings [C:\Users\QBDataServiceUser20\AppData\Local]
09/05/2012  08:25 AM    <JUNCTION>     My Documents [C:\Users\QBDataServiceUser20\Documents]
09/05/2012  08:25 AM    <JUNCTION>     NetHood [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/05/2012  08:25 AM    <JUNCTION>     PrintHood [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/05/2012  08:25 AM    <JUNCTION>     Recent [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Recent]
09/05/2012  08:25 AM    <JUNCTION>     SendTo [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\SendTo]
09/05/2012  08:25 AM    <JUNCTION>     Start Menu [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Start Menu]
09/05/2012  08:25 AM    <JUNCTION>     Templates [C:\Users\QBDataServiceUser20\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\QBDataServiceUser20\AppData\Local
09/05/2012  08:25 AM    <JUNCTION>     Application Data [C:\Users\QBDataServiceUser20\AppData\Local]
09/05/2012  08:25 AM    <JUNCTION>     History [C:\Users\QBDataServiceUser20\AppData\Local\Microsoft\Windows\History]
09/05/2012  08:25 AM    <JUNCTION>     Temporary Internet Files [C:\Users\QBDataServiceUser20\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\QBDataServiceUser20\Documents
09/05/2012  08:25 AM    <JUNCTION>     My Music [C:\Users\QBDataServiceUser20\Music]
09/05/2012  08:25 AM    <JUNCTION>     My Pictures [C:\Users\QBDataServiceUser20\Pictures]
09/05/2012  08:25 AM    <JUNCTION>     My Videos [C:\Users\QBDataServiceUser20\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\QBDataServiceUser23
01/26/2013  06:15 AM    <JUNCTION>     Application Data [C:\Users\QBDataServiceUser23\AppData\Roaming]
01/26/2013  06:15 AM    <JUNCTION>     Cookies [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Cookies]
01/26/2013  06:15 AM    <JUNCTION>     Local Settings [C:\Users\QBDataServiceUser23\AppData\Local]
01/26/2013  06:15 AM    <JUNCTION>     My Documents [C:\Users\QBDataServiceUser23\Documents]
01/26/2013  06:15 AM    <JUNCTION>     NetHood [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/26/2013  06:15 AM    <JUNCTION>     PrintHood [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/26/2013  06:15 AM    <JUNCTION>     Recent [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Recent]
01/26/2013  06:15 AM    <JUNCTION>     SendTo [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\SendTo]
01/26/2013  06:15 AM    <JUNCTION>     Start Menu [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Start Menu]
01/26/2013  06:15 AM    <JUNCTION>     Templates [C:\Users\QBDataServiceUser23\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\QBDataServiceUser23\AppData\Local
01/26/2013  06:15 AM    <JUNCTION>     Application Data [C:\Users\QBDataServiceUser23\AppData\Local]
01/26/2013  06:15 AM    <JUNCTION>     History [C:\Users\QBDataServiceUser23\AppData\Local\Microsoft\Windows\History]
01/26/2013  06:15 AM    <JUNCTION>     Temporary Internet Files [C:\Users\QBDataServiceUser23\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\QBDataServiceUser23\Documents
01/26/2013  06:15 AM    <JUNCTION>     My Music [C:\Users\QBDataServiceUser23\Music]
01/26/2013  06:15 AM    <JUNCTION>     My Pictures [C:\Users\QBDataServiceUser23\Pictures]
01/26/2013  06:15 AM    <JUNCTION>     My Videos [C:\Users\QBDataServiceUser23\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile
02/13/2012  11:43 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/13/2012  11:43 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/13/2012  11:43 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/13/2012  11:43 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/13/2012  11:43 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/13/2012  11:43 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/13/2012  11:43 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/13/2012  11:43 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/13/2012  11:43 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/13/2012  11:43 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\AppData\Local
02/13/2012  11:43 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/13/2012  11:43 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/13/2012  11:43 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\System32\config\systemprofile\Documents
02/13/2012  11:43 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
02/13/2012  11:43 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/13/2012  11:43 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile
02/13/2012  11:43 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
02/13/2012  11:43 AM    <JUNCTION>     Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
02/13/2012  11:43 AM    <JUNCTION>     Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
02/13/2012  11:43 AM    <JUNCTION>     My Documents [C:\Windows\system32\config\systemprofile\Documents]
02/13/2012  11:43 AM    <JUNCTION>     NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/13/2012  11:43 AM    <JUNCTION>     PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/13/2012  11:43 AM    <JUNCTION>     Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
02/13/2012  11:43 AM    <JUNCTION>     SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
02/13/2012  11:43 AM    <JUNCTION>     Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
02/13/2012  11:43 AM    <JUNCTION>     Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local
02/13/2012  11:43 AM    <JUNCTION>     Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
02/13/2012  11:43 AM    <JUNCTION>     History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
02/13/2012  11:43 AM    <JUNCTION>     Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Windows\SysWOW64\config\systemprofile\Documents
02/13/2012  11:43 AM    <JUNCTION>     My Music [C:\Windows\system32\config\systemprofile\Music]
02/13/2012  11:43 AM    <JUNCTION>     My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
02/13/2012  11:43 AM    <JUNCTION>     My Videos [C:\Windows\system32\config\systemprofile\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
             114 Dir(s)  15,115,214,848 bytes free
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/12/29 07:28:02 | 000,000,221 | -HS- | M] () -- C:\Users\Pat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2013/01/26 06:07:59 | 519,512,416 | ---- | M] (Intuit, Inc.                                                ) -- C:\Users\Pat\Desktop\QuickBooksPro2013.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
< End of report >
 

OTL Extras logfile created on: 1/29/2014 12:03:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Pat\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.94 Gb Total Physical Memory | 5.21 Gb Available Physical Memory | 65.64% Memory free
15.87 Gb Paging File | 12.74 Gb Available in Paging File | 80.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 14.03 Gb Free Space | 12.56% Space Free | Partition Type: NTFS
 
Computer Name: PATREEDCPA-PC | User Name: Pat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13C0FB5A-168A-4196-8E8F-D2514F2E109C}" = lport=427 | protocol=6 | dir=in | name=advanced tcp/ip slp port | 
"{17BD96C8-CBAF-44F1-99FE-02D22ACCD507}" = lport=9100 | protocol=6 | dir=in | name=advanced tcp/ip printer port | 
"{1B11B880-58F0-4E47-B489-5939EA441D26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1BAFB0BD-71DD-461B-AE70-F1B7A2CD2AE6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1E07DF72-5339-416E-8C54-D9B777A3DA18}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{1ECF13C9-EFAD-4610-B31E-498DCEDCFBB6}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{20BA9095-D887-44FF-A4BB-C3DB17829538}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2DB96E11-C833-4098-B0FA-9B8596F70549}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2DCFAB8C-DD62-4B79-B40B-FF78AC62736F}" = lport=161 | protocol=6 | dir=in | name=advanced tcp/ip snmp port | 
"{31650C1B-E97C-4269-9289-10073F7CABC1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3575A729-E51F-41EA-8EB7-D2369389A77D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B215149-4522-4450-9BDD-DD1192F658F8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4D9F387A-FF95-49AF-8417-B0D65437F22F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{51D620A2-377E-4301-98DC-CEA557E7F4EE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{541BC86F-C199-442F-8261-CB2F9BB7DCDA}" = lport=427 | protocol=17 | dir=in | name=slp | 
"{67575B6D-1BD3-482D-AB7D-18BA0E800D49}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{67B1A544-228B-4E14-9B9C-642FD6056C74}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{75DDB62D-49CE-413B-9948-56AC5230A87D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{7D31F242-BB5C-4451-8625-92C87B26BDDD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8077F8B9-889B-40DB-8685-FEE7002D7683}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{80D26890-79B4-42DF-BD2A-3D7A07EC757D}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{8193BCA0-1EF7-4688-939D-9D4E7194820A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{871017E8-6699-479C-913A-82408BA50AAE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{8B9DB795-E332-41DC-A241-1B8E7284A3BE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{942986D3-E178-4B40-AFA7-194737518F3A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery | 
"{947AD3EB-6A4E-4583-A20A-A4BAA8E32D81}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9B4A34C3-9372-40DF-89E2-B81F6261DB17}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A18ECC96-4709-4C45-B64D-AB7A05A96404}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A87AC1AA-42D5-4D24-B339-DC8F4CA950D3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{AAB2B3E1-D0CA-47FB-8F82-5F20D181E50B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B0A19C22-1463-43AF-B235-AC09BAA681B6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{B13A7C34-0A4D-46D9-89A0-3C244E57B6CD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C791C57D-168C-4761-A6F8-1FE8C4688F42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D56F2391-F416-4691-A06C-6C27B0457145}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer | 
"{DB0FCB5A-348D-4E54-A852-3DA44EFB8141}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DDA4D83F-E65F-4416-8809-08165035729A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3B9BF57-6DAA-488F-9F22-40EA0846BA3E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E987492A-1079-46F9-9346-19AFEDF03833}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F7D3F33C-20CC-4653-8308-C605CBB0C86C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FF604DF9-1852-4722-B4A7-62847DDB9867}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{18266624-396F-48D0-BE49-BC8ADA171930}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1C9438EA-55D2-442C-BE41-C18FC391BA0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2484DFC5-FB65-422D-A1F4-D1BA5ECCA10F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{364728DA-3D28-4036-AC77-A61DE38BDFC6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{469ADDBE-8CFB-4471-A980-F67C97E2985D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{47E9275E-917F-4BCC-AABE-ABE93E495D96}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{4F58C391-46A5-43E1-9155-B9D9F1ABB83E}" = protocol=6 | dir=in | app=c:\lj_cp5520_series\installer\hpbcsiinstaller.exe | 
"{56425D1B-B27D-4A0F-AFEF-490FB5371874}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5FCC1583-090C-43A6-980F-C0B634F5439C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5FD9CF72-8FA8-47BB-B1DF-D1A1E948C630}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{63696F64-8F48-454B-89E2-9938C8F9A0B3}" = protocol=17 | dir=in | app=d:\productinst64.exe | 
"{66C84E4B-F2D2-434F-A3F9-184D39865CC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{68C0E656-0D6B-44C6-9BBE-E1708FD04249}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6D3F92D8-5110-4121-9B89-A95F9327FBF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{784B275F-8566-4E23-B7C4-671FDB63BE11}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{8D716DD2-1D78-4E1B-B26A-CF052BE0A88C}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{916EE789-AA80-413E-BEF7-5559DB2F9241}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | 
"{A5D50833-4B1D-4C1C-8AD7-C0DE818E36B8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BDC7ADB6-CE61-4718-A808-C2C7DF9CFCE0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C383F9C9-0952-4A58-82A0-B4C317D12865}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe | 
"{CD0FF079-10B2-4248-B3AC-11F78CEF16BF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D3004141-364C-4FA8-BA30-97C5E0D02576}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D4F7C41E-9241-42E6-AC07-EF8FAB842F18}" = protocol=6 | dir=in | app=d:\productinst64.exe | 
"{D8CF98F3-C0F9-4133-85BF-86866279D147}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D9A6E0A9-6F09-49F3-8A5D-C09C9D7BDAB5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DCD0A0DC-C457-413D-A475-711F64B9F7B4}" = protocol=6 | dir=out | app=system | 
"{DF953B1F-BA3C-4F77-9E50-4CE5AE85299F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DF984BF8-C142-4A95-A0E6-FC70E28C5E72}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{E8441DE0-541C-4F12-A5D1-B8DCB819AACA}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{E874F9F5-6869-4957-9C5D-BEDEF33FB761}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EC3E41DA-5E41-44B5-A26D-272CA915C928}" = protocol=17 | dir=in | app=c:\lj_cp5520_series\installer\hpbcsiinstaller.exe | 
"{ED313656-D317-44FA-BC95-C36A57AE2569}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{EE0642FA-0FB5-479B-A9DF-867CDED1F4C4}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | 
"{F0246D18-748C-4CEA-AA9D-A748F2DBBF59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{29F3F869-8E21-448A-96EF-D27D30C1B73A}C:\users\pat\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\pat\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{5E8734D0-AB15-4255-9B0A-02DE1E270F0C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{6EAABCE6-B2A1-4C76-B9B3-33F46F5479D5}C:\users\pat\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\pat\appdata\local\google\chrome\application\chrome.exe | 
"TCP Query User{A77FD81E-64A1-4717-9576-3215D9A14338}C:\users\pat\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\pat\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{EB841578-90B8-4B55-8502-75F1BE240086}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{11D3156E-1C16-4CED-A0BB-D72F75EAD6C0}C:\users\pat\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\pat\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{17E9DD66-FBFD-42CB-9008-1044356818D0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{4422EFF9-2AF5-425C-9218-9F48DDF6C810}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{47C515F3-62B7-47F0-B7F4-F92F238714C8}C:\users\pat\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\pat\appdata\local\google\chrome\application\chrome.exe | 
"UDP Query User{99C9F22F-8DA4-404C-917D-3AB5CB3B4E58}C:\users\pat\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\pat\appdata\local\akamai\netsession_win.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19348319-1E3C-0227-014A-CFF56A288D15}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{3138F992-045B-4F55-825C-53B231E647CA}" = 64 Bit HP CIO Components Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = Broadcom 2070 Bluetooth 2.1 + EDR
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D00DC627-DA7C-0AC8-6B60-93AE87E30DDC}" = ccc-utility64
"{DFB3914C-99B4-43C7-A9B6-298C2E11152A}" = HP Wireless Assistant
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"7E38E30BB92ED94B21CF062A7386554CBA991FEB" = Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414)
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{6D6058C2-16C9-4763-B1B5-6F1C3491069B}}" = HP LaserJet Enterprise 500 color M551
"{05443ACD-891A-3C3C-267C-3AF8F02B4110}" = CCC Help Thai
"{089E59F0-23BB-4221-A985-DDA57BE6D0E5}" = Quicken Converter
"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppP1100P1560P1600SeriesLaserJetService
"{110A29DE-27CD-C331-86E3-0FFBC567C105}" = CCC Help Hungarian
"{14F27FD4-7EB9-4B2B-986D-F7D7859291FD}" = HPLaserJetEnterprise500colorM551_HelpLearnCenter
"{158AA7E9-ACC0-4635-8228-0707275BAEFE}" = CCC Help Czech
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1E1EF702-0FD3-4F6C-A986-F5BA78CF4553}" = System Files
"{1E32F3E1-7EE5-4F07-8A13-BDE69D2B246B}" = Host_ActiveX_Controls
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2191EA15-4A02-8B5C-FDDA-4EAD0B3169A4}" = CCC Help Finnish
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{2725E87E-8642-45AF-4109-9BB1C99C4B49}" = CCC Help Dutch
"{2DD1F97F-238E-C87D-250B-7BB8D139EB41}" = CCC Help Polish
"{2DF68708-8E2E-4A96-9773-FEB8F19E902E}" = WorkForce Pro GT-S50 Scanner Driver Update
"{2F38AE53-90E6-35FB-EB3E-D1A5D58A7BCA}" = ccc-core-static
"{2FB9DDB9-78FD-4395-AF0E-591E43691B71}" = CCC Help Norwegian
"{3167CC62-C775-4E47-92C1-73EBB845751A}" = QuickBooks
"{32866C44-2FD5-126A-D0AD-FC7661FE450D}" = CCC Help Korean
"{334147DC-B3C8-4626-A985-4AEA8A36DAB6}" = BlackBerry Device Software Updater
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3C631966-387E-4054-85D9-BBFFABE32BD8}" = QuickBooks Pro 2013
"{3CA182B4-A2F5-C20E-B867-7588F2A79F4E}" = CCC Help Portuguese
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45160C56-61F6-468D-A5B0-9FAE2C3E68D6}" = Catalyst Control Center - Branding
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4980C2AC-E8E3-3D79-DD42-9EF102C66EF8}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C173751-3C53-34D8-BD38-8EC248732C34}" = Catalyst Control Center InstallProxy
"{543A636A-E53F-416F-8AB5-8BFE7B698C69}" = Crystal Reports9
"{56EEEB03-80D6-4462-B594-BCC70BC71ABD}" = CCH eBooks
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67CACEE5-B2BC-4b27-BB4D-3865D0F772FA}" = HP Color LaserJet CP5520 Series
"{6F81AEB8-9838-F28D-957C-1D1AB9128A8B}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7C4A09A7-C641-4330-95B5-23F64DDEE1C2}" = ISIS Drivers
"{853F464A-B2B8-404E-BA3E-B98FF6862C41}" = hppusgP1100P1560P1600Series
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8835F9DB-3607-4AC5-953A-ACE7426DA6DA}" = HPLaserJetHelp_LearnCenter
"{8C01BBB8-C396-1FA9-5BEC-0640C3D577CE}" = Catalyst Control Center Localization All
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9253166B-265D-48D5-B774-2A65D99CD0BC}" = Portal
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F00B817-B177-6933-F923-A35D37D430E9}" = CCC Help Japanese
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF2766E0-6A5B-4945-374F-296F806BB893}" = CCC Help English
"{B15BC765-82A7-BC69-AF23-64CD02C3EF67}" = CCC Help Swedish
"{B7854BD2-055C-D7ED-0280-E3B94A6B9A0A}" = CCC Help Turkish
"{B8C377B1-284E-16DE-6EB1-FCFB88543200}" = CCC Help Italian
"{B8DF0209-6AEB-9F69-C541-825CEF567A8B}" = Catalyst Control Center Graphics Previews Common
"{C6C5428A-2A8D-FF3D-F241-1244C6E0DECD}" = CCC Help Greek
"{C824A1E5-EEC3-DC50-A6D3-A810CAC4701F}" = CCC Help Spanish
"{CD95F661-A5C4-11AF-B2CC-ABCD21A325BE}" = WinZip Courier
"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DDA955C0-5D2C-E403-56F1-97A7FFC88373}" = CCC Help Russian
"{DEDE7E01-8341-9579-169A-3C89137727A0}" = CCC Help German
"{E1CC5210-A4E0-62F9-216C-F964C24C4C3B}" = Catalyst Control Center Graphics Previews Vista
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E44096DC-9389-47DE-9515-C7CA51EE05D7}" = BlackBerry Desktop Software 7.1
"{E4CDC591-B738-B1A6-B60F-4C88D513F043}" = CCC Help Danish
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{EDEA8AB7-7683-4ED2-AA19-E6C078064C0D}" = Microsoft WSE 3.0
"{EEFD8ECF-FF84-49A5-A721-28625F0CCBF6}" = TaxInstallFiles
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9956472-6E16-4F83-BF9A-F887EF4A45B7}" = EPSON Scan PDF EXtensions
"{FB2E9B37-377B-AC70-F52D-1756FFCE0C09}" = CCC Help Chinese Traditional
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"BlackBerry_Desktop" = BlackBerry Desktop Software 7.1
"Crystal Reports9" = Crystal Reports9
"EPSON Scanner" = EPSON Scan
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"MCLIENT" = Norton Management
"NIS" = Norton Internet Security
"Norton PC Checkup_is1" = Norton PC Checkup
"NortonPCCheckup" = Norton PC Checkup
"Office14.SingleImage" = Microsoft Office Professional 2010
"ProSystem fx Tax" = ProSystem fx Tax
"ProSystem fx Workstation" = ProSystem fx Workstation
"TValue Version 5.20 Single User Edition" = TValue Version 5.20 Single User Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"RTRP Exam Review 2012" = RTRP Exam Review 2012
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/29/2014 7:54:57 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": Connection
 String:CON=QBConnectionPool-Probe-QB_data_engine_22; ;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
 Files\Shaw Consulting LLC.qbw;ENG=QB_data_engine_22;DBN=4b1e09e8ceed484fb12ff323da4506
 
Error - 1/29/2014 7:54:57 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2012": DBConnPool::HandleConnectionError
 errorCode:-6069, dbCode:-103 from file:'.\.\src\ConnPool.cpp' at line 1038 from
 function:'DBMgr::DBConnPool::ini
 
Error - 1/29/2014 9:35:40 AM | Computer Name = PatReedCPA-PC | Source = Application Hang | ID = 1002
Description = The program Acrobat.exe version 9.5.5.316 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1ad4    Start
 Time: 01cf1cf584e1c48c    Termination Time: 32    Application Path: C:\Program Files (x86)\Adobe\Acrobat
 9.0\Acrobat\Acrobat.exe    Report Id: 3b7df698-88ea-11e3-b3cb-70f3957b228d  
 
Error - 1/29/2014 11:08:34 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": V23.0D R12
 (M=1066, L=339, C=249, V=0 (0)
 
Error - 1/29/2014 11:08:34 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": V23.0D R12
 (M=1066, L=339, C=249, V=0 (0)
 
Error - 1/29/2014 11:09:17 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": V23.0D R12
 (M=1066, L=339, C=249, V=0 (0)
 
Error - 1/29/2014 11:13:15 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": V23.0D R12
 (M=1066, L=339, C=249, V=0 (0)
 
Error - 1/29/2014 11:26:29 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": V23.0D R12
 (M=1066, L=339, C=249, V=0 (0)
 
Error - 1/29/2014 11:26:41 AM | Computer Name = PatReedCPA-PC | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks Pro 2013": V23.0D R12
 (M=1066, L=339, C=249, V=0 (0)
 
Error - 1/29/2014 12:24:04 PM | Computer Name = PatReedCPA-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Hewlett-Packard Events ]
Error - 2/16/2012 4:04:49 PM | Computer Name = PatReedCPA-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828   at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
 
   at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result()     at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
 sender, RunWorkerCompletedEventArgs e)     at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
 e)     at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
 
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
 An exception occurred during the operation, making the result invalid.  Check InnerException
 for exception details.  StackTrace:   at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
 
   at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result()     at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
 sender, RunWorkerCompletedEventArgs e)     at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
 e)     at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
 
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
 System  InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Logs\SystemInfoSI.xml'.    Name: HPSF.exe  Version: 06.00.01.01  Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 8125  Ram Utilization:   TargetSite: Void RaiseExceptionIfNecessary()  
 
Error - 2/16/2012 4:05:25 PM | Computer Name = PatReedCPA-PC | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.InitRegItem()
 
   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to initialize registry items  StackTrace:   at 
HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.InitRegItem()     at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean
 singleScan, Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 HPAsset fails to release.    Name: hpsa_service.exe  Version: 06.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe  Format: en-US  RAM:
 8125  Ram Utilization: 30  TargetSite: Void InitRegItem()  
 
Error - 3/1/2012 4:12:03 PM | Computer Name = PatReedCPA-PC | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828   at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
 
   at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result()     at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
 sender, RunWorkerCompletedEventArgs e)     at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
 e)     at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
 
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
 An exception occurred during the operation, making the result invalid.  Check InnerException
 for exception details.  StackTrace:   at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()
 
   at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result()     at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
 sender, RunWorkerCompletedEventArgs e)     at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
 e)     at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)
 
   at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
 Object args, Boolean isSingleParameter)     at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
 source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
 System  InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Logs\SystemInfoSI.xml'.    Name: HPSF.exe  Version: 06.00.01.01  Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 8125  Ram Utilization: 20  TargetSite: Void RaiseExceptionIfNecessary()  
 
[ HP Wireless Assistant Events ]
Error - 10/26/2013 10:16:25 AM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 10/26/2013 10:16:25 AM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 10/26/2013 2:29:41 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 10/26/2013 2:29:41 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 10/27/2013 2:38:24 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 10/27/2013 2:38:24 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 10/28/2013 5:20:41 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 10/28/2013 5:20:41 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
Error - 10/28/2013 5:33:35 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = GetPanelBrightnessTables() failed : e_BIOS_INVALID_COMMAND_TYPE
 
Error - 10/28/2013 5:33:35 PM | Computer Name = PatReedCPA-PC | Source = HP WA Service | ID = 0
Description = Unable to access panel brightness tables.
 
[ System Events ]
Error - 1/28/2014 4:44:10 PM | Computer Name = PatReedCPA-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
 %%-2147023143.
 
Error - 1/28/2014 6:59:36 PM | Computer Name = PatReedCPA-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 43. The internal error state
 is 252.
 
Error - 1/28/2014 6:59:37 PM | Computer Name = PatReedCPA-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 43. The internal error state
 is 252.
 
Error - 1/29/2014 4:32:51 AM | Computer Name = PatReedCPA-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 1/29/2014 5:04:14 AM | Computer Name = PatReedCPA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:02:02 AM on ?1/?29/?2014 was unexpected.
 
Error - 1/29/2014 5:04:34 AM | Computer Name = PatReedCPA-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
 %%-2147023143.
 
Error - 1/29/2014 5:06:22 AM | Computer Name = PatReedCPA-PC | Source = BROWSER | ID = 8032
Description = 
 
Error - 1/29/2014 6:23:02 AM | Computer Name = PatReedCPA-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:17:07 AM on ?1/?29/?2014 was unexpected.
 
Error - 1/29/2014 6:24:19 AM | Computer Name = PatReedCPA-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
 %%-2147023143.
 
 
< End of report >
 

 


    Advertisements

Register to Remove


#2 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,015 posts
  • Interests:Boo!....
  • MVP

Posted 01 February 2014 - 10:38 AM

Hi and welcome

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(use correct version for your system.....Which system am I using?)


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#3 mattpa2017

mattpa2017

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 01 February 2014 - 11:02 AM

Hi Juliet, thanks!  I recently uninstalled google chrome, but I could not post the logs on IE (Which is constantly freezing btw) and had to reinstall Chrome to post the logs.
 
-Matt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Pat (administrator) on PATREEDCPA-PC on 01-02-2014 11:57:25
Running from C:\Users\Pat\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2096424 2010-05-27] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-23] (Hewlett-Packard Company)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113296 2010-03-30] (NEC Electronics Corporation)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\.DEFAULT\...\Run: [Norton Download Manager{NSME22-B22-4abb-B07C-C084B04B4F12}] - C:\Users\Public\Downloads\Norton\{NSME22-B22-4abb-B07C-C084B04B4F12}\ccSvcHst.exe /m
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3896505401-1459429643-2233467921-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-3896505401-1459429643-2233467921-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-3896505401-1459429643-2233467921-1000\...\MountPoints2: {027eec60-6480-11e2-96e9-ebaf61730a5a} - D:\DTLplus_Launcher.exe
HKU\S-1-5-21-3896505401-1459429643-2233467921-1000\...\MountPoints2: {8a820c10-5f26-11e1-8917-b87a34ecf52d} - D:\LaunchU3.exe -a
HKU\S-1-5-21-3896505401-1459429643-2233467921-1000\...\MountPoints2: {b52d11a6-64a0-11e1-8aa5-b8f393578152} - G:\FIBPGuard.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
BHO: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie64.dll (WinZip Computing, S.L.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: MTB Protector - {A506AB80-0F02-4D47-A3FA-576D33F026F9} - C:\Windows\Downloaded Program Files\MandT.ocx ()
BHO-x32: WinZip Courier BHO - {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\Program Files (x86)\WinZip Courier\wzwmcie32.dll (WinZip Computing, S.L.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {D0659405-AD2E-4195-B67E-8B3AC42D763E} https://qbo.intuit.c...147/qboax11.cab
DPF: HKLM-x32 {F4D10716-6F96-48E9-8A08-7E3AD71054AD} https://qbo.intuit.c...40/qboimax9.cab
DPF: HKLM-x32 {FD66A9C1-684A-4A3A-8D39-4709B1FD7D7C} https://webinfoplus....erius/MandT.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} -  No File
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-01]
CHR Extension: (Google Drive) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-01]
CHR Extension: (YouTube) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-01]
CHR Extension: (Google Search) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-01]
CHR Extension: (WinZip Courier) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk [2014-02-01]
CHR Extension: (Norton Identity Protection) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-01]
CHR Extension: (Google Wallet) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-01]
CHR Extension: (Gmail) - C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-01]
CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [2012-10-10]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx [2013-09-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [132504 2013-03-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe [126392 2011-11-07] (Symantec Corporation)
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2012-12-22] (Intuit, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe [244736 2010-01-13] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-21] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-01-28] ()
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20140131.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20140131.002\ENG64.SYS [126040 2014-01-22] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20140131.002\EX64.SYS [2099288 2014-01-22] (Symantec Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-07-10] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-01 11:56 - 2014-02-01 11:56 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-01 11:56 - 2014-02-01 11:56 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-01 11:56 - 2014-02-01 11:56 - 00002300 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-01 11:56 - 2014-02-01 11:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:56 - 2014-02-01 11:56 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 11:56 - 2014-02-01 11:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-01 11:49 - 2014-02-01 11:49 - 00026639 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-02-01 11:48 - 2014-02-01 11:57 - 00015408 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-02-01 11:48 - 2014-02-01 11:57 - 00000000 ___DC () C:\FRST
2014-02-01 11:47 - 2014-02-01 11:47 - 02080256 _____ (Farbar) C:\Users\Pat\Downloads\FRST64.exe
2014-02-01 11:47 - 2014-02-01 11:47 - 02080256 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-01-29 15:12 - 2014-01-29 15:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-29 12:13 - 2014-01-29 12:13 - 00195322 _____ () C:\Users\Pat\Downloads\OTL.Txt
2014-01-29 12:13 - 2014-01-29 12:13 - 00081368 _____ () C:\Users\Pat\Downloads\Extras.Txt
2014-01-29 11:42 - 2014-01-29 11:42 - 00602112 _____ (OldTimer Tools) C:\Users\Pat\Downloads\OTL.exe
2014-01-29 04:23 - 2014-01-29 04:23 - 00003168 _____ () C:\Users\Pat\Downloads\invite.ics
2014-01-28 13:24 - 2014-01-28 13:24 - 02347384 _____ (ESET) C:\Users\Pat\Downloads\esetsmartinstaller_enu.exe
2014-01-28 13:22 - 2014-01-28 13:22 - 00000981 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-01-28 13:14 - 2014-01-28 13:14 - 01037068 _____ (Thisisu) C:\Users\Pat\Downloads\JRT.exe
2014-01-28 13:14 - 2014-01-28 13:14 - 00000000 ____D () C:\Windows\ERUNT
2014-01-28 13:09 - 2014-01-28 13:09 - 01166132 _____ () C:\Users\Pat\Downloads\adwcleaner.exe
2014-01-28 13:02 - 2014-01-28 13:02 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-28 12:59 - 2014-01-28 12:59 - 00004148 _____ () C:\Windows\system32\.crusader
2014-01-28 12:56 - 2014-01-28 13:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-28 12:55 - 2014-01-28 12:56 - 10264904 _____ (SurfRight B.V.) C:\Users\Pat\Downloads\HitmanPro_x64.exe
2014-01-28 12:18 - 2014-01-28 12:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Pat\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-28 12:17 - 2014-01-28 12:17 - 00001807 _____ () C:\Users\Pat\Desktop\RKreport[0]_D_01282014_121714.txt
2014-01-28 12:16 - 2014-01-28 12:16 - 00001737 _____ () C:\Users\Pat\Desktop\RKreport[0]_S_01282014_121649.txt
2014-01-28 12:15 - 2014-01-28 12:17 - 00000000 ____D () C:\Users\Pat\Desktop\RK_Quarantine
2014-01-28 03:11 - 2014-01-28 03:11 - 00019503 _____ () C:\Users\Pat\Downloads\ElizabethE.HuguelyPayrollReports.xls
2014-01-27 15:59 - 2014-01-27 15:59 - 00044544 _____ () C:\Users\Pat\Downloads\McCormick - Summary of Conference Call and Steps Needed for 1.27.14 call (1).xls
2014-01-27 15:58 - 2014-01-27 15:59 - 00044544 _____ () C:\Users\Pat\Downloads\McCormick - Summary of Conference Call and Steps Needed for 1.27.14 call.xls
2014-01-26 16:21 - 2014-01-26 16:21 - 00002536 _____ () C:\Users\Pat\Desktop\Start CCH eBooks.lnk
2014-01-26 16:21 - 2014-01-26 16:21 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolters Kluwer CCH eBooks
2014-01-26 16:21 - 2014-01-26 16:21 - 00000000 ____D () C:\Users\Pat\AppData\Local\Wolters Kluwer CCH eBooks
2014-01-26 15:17 - 2014-01-26 16:19 - 00000000 ____D () C:\Users\Pat\AppData\Local\NPE
2014-01-26 14:56 - 2014-01-26 14:56 - 00000165 ____H () C:\Users\Pat\Desktop\~$Copy of Hellenic_MEPE_12 31 2013_Balance_Sheet_MJR_r2.xlsx
2014-01-25 08:02 - 2014-02-01 11:44 - 00002418 _____ () C:\Windows\setupact.log
2014-01-25 08:02 - 2014-01-25 08:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-25 07:56 - 2014-01-22 08:00 - 00141148 _____ () C:\Users\Pat\Desktop\TB.01 Roermond Financial Report.xlsx
2014-01-24 14:20 - 2014-01-24 14:20 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-01-24 14:18 - 2014-01-26 05:33 - 00000000 ____D () C:\Users\Pat\AppData\Local\Amnworks
2014-01-24 09:28 - 2014-01-24 09:28 - 00009728 _____ () C:\Users\Pat\Downloads\report2.xls
2014-01-24 09:19 - 2014-01-24 09:19 - 00006144 _____ () C:\Users\Pat\Downloads\report1 (1).xls
2014-01-22 06:03 - 2014-01-22 06:03 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (4).asx
2014-01-22 06:02 - 2014-01-22 06:03 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (3).asx
2014-01-21 10:56 - 2014-01-21 10:56 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (2).asx
2014-01-21 10:56 - 2014-01-21 10:56 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (1).asx
2014-01-21 10:16 - 2014-01-21 10:16 - 00018944 _____ () C:\Users\Pat\Downloads\report1.xls
2014-01-21 07:11 - 2014-01-21 07:11 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM.asx
2014-01-20 13:17 - 2014-01-20 15:32 - 00000000 ____D () C:\Users\Pat\Desktop\Naples 2013 Updated
2014-01-19 08:29 - 2014-01-19 08:29 - 04901896 _____ (Adobe Systems Inc.) C:\Users\Pat\Downloads\Shockwave_Installer_Slim (1).exe
2014-01-19 08:27 - 2014-01-19 08:27 - 04901896 _____ (Adobe Systems Inc.) C:\Users\Pat\Downloads\Shockwave_Installer_Slim.exe
2014-01-19 08:27 - 2014-01-19 08:27 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-01-19 07:44 - 2014-01-19 07:44 - 00000167 _____ () C:\Users\Pat\Downloads\2481824.csv
2014-01-16 05:58 - 2014-01-21 15:36 - 00000000 ___RD () C:\Users\Pat\Desktop\2014 CPE
2014-01-16 05:55 - 2014-01-16 06:02 - 00000000 ____D () C:\Users\Pat\Desktop\Fazakerley Files to be Sorted
2014-01-15 02:34 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 02:34 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 02:34 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 02:34 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 02:34 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 02:34 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 02:34 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 02:34 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 02:34 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2014-02-01 11:57 - 2014-02-01 11:48 - 00015408 _____ () C:\Users\Pat\Desktop\FRST.txt
2014-02-01 11:57 - 2014-02-01 11:48 - 00000000 ___DC () C:\FRST
2014-02-01 11:56 - 2014-02-01 11:56 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-01 11:56 - 2014-02-01 11:56 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-01 11:56 - 2014-02-01 11:56 - 00002300 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-01 11:56 - 2014-02-01 11:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:56 - 2014-02-01 11:56 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 11:56 - 2014-02-01 11:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-01 11:56 - 2012-02-08 01:24 - 00000000 ____D () C:\Users\Pat\AppData\Local\Google
2014-02-01 11:51 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 11:51 - 2009-07-13 23:45 - 00022080 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 11:49 - 2014-02-01 11:49 - 00026639 _____ () C:\Users\Pat\Desktop\Addition.txt
2014-02-01 11:49 - 2009-07-14 00:13 - 00006394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-01 11:47 - 2014-02-01 11:47 - 02080256 _____ (Farbar) C:\Users\Pat\Downloads\FRST64.exe
2014-02-01 11:47 - 2014-02-01 11:47 - 02080256 _____ (Farbar) C:\Users\Pat\Desktop\FRST64.exe
2014-02-01 11:44 - 2014-01-25 08:02 - 00002418 _____ () C:\Windows\setupact.log
2014-02-01 11:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 11:42 - 2012-05-23 08:07 - 00000000 ____D () C:\Users\Pat\Documents\Outlook Files
2014-02-01 11:34 - 2012-07-28 11:28 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 07:49 - 2012-05-27 13:13 - 00000000 ___DC () C:\wfx32
2014-01-31 07:02 - 2012-06-06 07:02 - 00040188 _____ () C:\Users\Pat\AppData\Roaming\Rim.Desktop.Exception.log
2014-01-31 07:02 - 2012-06-06 07:02 - 00038500 _____ () C:\Users\Pat\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-01-31 06:43 - 2012-02-08 00:48 - 01282625 _____ () C:\Windows\WindowsUpdate.log
2014-01-29 15:12 - 2014-01-29 15:12 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-01-29 12:13 - 2014-01-29 12:13 - 00195322 _____ () C:\Users\Pat\Downloads\OTL.Txt
2014-01-29 12:13 - 2014-01-29 12:13 - 00081368 _____ () C:\Users\Pat\Downloads\Extras.Txt
2014-01-29 11:42 - 2014-01-29 11:42 - 00602112 _____ (OldTimer Tools) C:\Users\Pat\Downloads\OTL.exe
2014-01-29 05:24 - 2013-02-09 13:00 - 00076288 ___SH () C:\Users\Pat\Desktop\Thumbs.db
2014-01-29 04:23 - 2014-01-29 04:23 - 00003168 _____ () C:\Users\Pat\Downloads\invite.ics
2014-01-28 13:24 - 2014-01-28 13:24 - 02347384 _____ (ESET) C:\Users\Pat\Downloads\esetsmartinstaller_enu.exe
2014-01-28 13:22 - 2014-01-28 13:22 - 00000981 _____ () C:\Users\Pat\Desktop\JRT.txt
2014-01-28 13:14 - 2014-01-28 13:14 - 01037068 _____ (Thisisu) C:\Users\Pat\Downloads\JRT.exe
2014-01-28 13:14 - 2014-01-28 13:14 - 00000000 ____D () C:\Windows\ERUNT
2014-01-28 13:10 - 2012-12-21 05:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-28 13:09 - 2014-01-28 13:09 - 01166132 _____ () C:\Users\Pat\Downloads\adwcleaner.exe
2014-01-28 13:02 - 2014-01-28 13:02 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-01-28 13:01 - 2014-01-28 12:56 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-01-28 12:59 - 2014-01-28 12:59 - 00004148 _____ () C:\Windows\system32\.crusader
2014-01-28 12:56 - 2014-01-28 12:55 - 10264904 _____ (SurfRight B.V.) C:\Users\Pat\Downloads\HitmanPro_x64.exe
2014-01-28 12:48 - 2012-06-07 04:11 - 00371658 _____ () C:\Windows\PFRO.log
2014-01-28 12:18 - 2014-01-28 12:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Pat\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-28 12:17 - 2014-01-28 12:17 - 00001807 _____ () C:\Users\Pat\Desktop\RKreport[0]_D_01282014_121714.txt
2014-01-28 12:17 - 2014-01-28 12:15 - 00000000 ____D () C:\Users\Pat\Desktop\RK_Quarantine
2014-01-28 12:16 - 2014-01-28 12:16 - 00001737 _____ () C:\Users\Pat\Desktop\RKreport[0]_S_01282014_121649.txt
2014-01-28 03:11 - 2014-01-28 03:11 - 00019503 _____ () C:\Users\Pat\Downloads\ElizabethE.HuguelyPayrollReports.xls
2014-01-27 15:59 - 2014-01-27 15:59 - 00044544 _____ () C:\Users\Pat\Downloads\McCormick - Summary of Conference Call and Steps Needed for 1.27.14 call (1).xls
2014-01-27 15:59 - 2014-01-27 15:58 - 00044544 _____ () C:\Users\Pat\Downloads\McCormick - Summary of Conference Call and Steps Needed for 1.27.14 call.xls
2014-01-27 13:57 - 2012-10-19 12:53 - 00000000 ___DC () C:\TValue5
2014-01-27 11:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-26 16:21 - 2014-01-26 16:21 - 00002536 _____ () C:\Users\Pat\Desktop\Start CCH eBooks.lnk
2014-01-26 16:21 - 2014-01-26 16:21 - 00000000 ____D () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wolters Kluwer CCH eBooks
2014-01-26 16:21 - 2014-01-26 16:21 - 00000000 ____D () C:\Users\Pat\AppData\Local\Wolters Kluwer CCH eBooks
2014-01-26 16:19 - 2014-01-26 15:17 - 00000000 ____D () C:\Users\Pat\AppData\Local\NPE
2014-01-26 16:19 - 2012-09-05 08:25 - 00000000 ____D () C:\Users\QBDataServiceUser20
2014-01-26 15:56 - 2012-12-21 05:50 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-01-26 15:55 - 2012-10-06 13:19 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-01-26 15:55 - 2012-02-08 01:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-26 15:54 - 2013-01-05 08:17 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-01-26 15:26 - 2013-12-21 04:34 - 00000000 ____D () C:\Users\Pat\AppData\Local\Spoon
2014-01-26 15:26 - 2012-02-08 00:48 - 00000000 ___RD () C:\Users\Pat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 15:17 - 2012-02-08 02:46 - 00000000 ____D () C:\ProgramData\Norton
2014-01-26 14:56 - 2014-01-26 14:56 - 00000165 ____H () C:\Users\Pat\Desktop\~$Copy of Hellenic_MEPE_12 31 2013_Balance_Sheet_MJR_r2.xlsx
2014-01-26 13:52 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-01-26 05:33 - 2014-01-24 14:18 - 00000000 ____D () C:\Users\Pat\AppData\Local\Amnworks
2014-01-25 08:02 - 2014-01-25 08:02 - 00000000 _____ () C:\Windows\setuperr.log
2014-01-25 06:04 - 2012-02-24 15:31 - 00000000 ____D () C:\Windows\Minidump
2014-01-24 14:20 - 2014-01-24 14:20 - 00000000 _____ () C:\Windows\EEventManager.INI
2014-01-24 13:46 - 2012-02-08 00:48 - 00000000 ____D () C:\Users\Pat
2014-01-24 09:28 - 2014-01-24 09:28 - 00009728 _____ () C:\Users\Pat\Downloads\report2.xls
2014-01-24 09:19 - 2014-01-24 09:19 - 00006144 _____ () C:\Users\Pat\Downloads\report1 (1).xls
2014-01-24 08:31 - 2012-05-27 09:17 - 00000000 ___RD () C:\Users\Pat\Desktop\Health and Nutrition
2014-01-23 07:50 - 2012-07-28 11:28 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-23 07:50 - 2012-02-08 16:26 - 00000000 ____D () C:\Users\Pat\AppData\Local\Adobe
2014-01-23 07:50 - 2012-02-08 16:12 - 00000090 _____ () C:\Windows\QBChanUtil_Trigger.ini
2014-01-23 07:49 - 2012-07-28 11:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-23 07:49 - 2012-07-28 11:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-23 03:02 - 2012-02-09 13:38 - 00000000 ____D () C:\Users\Pat\AppData\Local\CrashDumps
2014-01-22 08:00 - 2014-01-25 07:56 - 00141148 _____ () C:\Users\Pat\Desktop\TB.01 Roermond Financial Report.xlsx
2014-01-22 06:03 - 2014-01-22 06:03 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (4).asx
2014-01-22 06:03 - 2014-01-22 06:02 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (3).asx
2014-01-21 15:36 - 2014-01-16 05:58 - 00000000 ___RD () C:\Users\Pat\Desktop\2014 CPE
2014-01-21 10:56 - 2014-01-21 10:56 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (2).asx
2014-01-21 10:56 - 2014-01-21 10:56 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM (1).asx
2014-01-21 10:16 - 2014-01-21 10:16 - 00018944 _____ () C:\Users\Pat\Downloads\report1.xls
2014-01-21 07:11 - 2014-01-21 07:11 - 00000288 _____ () C:\Users\Pat\Downloads\WTOPFM.asx
2014-01-20 15:32 - 2014-01-20 13:17 - 00000000 ____D () C:\Users\Pat\Desktop\Naples 2013 Updated
2014-01-19 08:29 - 2014-01-19 08:29 - 04901896 _____ (Adobe Systems Inc.) C:\Users\Pat\Downloads\Shockwave_Installer_Slim (1).exe
2014-01-19 08:27 - 2014-01-19 08:27 - 04901896 _____ (Adobe Systems Inc.) C:\Users\Pat\Downloads\Shockwave_Installer_Slim.exe
2014-01-19 08:27 - 2014-01-19 08:27 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-01-19 07:44 - 2014-01-19 07:44 - 00000167 _____ () C:\Users\Pat\Downloads\2481824.csv
2014-01-16 06:02 - 2014-01-16 05:55 - 00000000 ____D () C:\Users\Pat\Desktop\Fazakerley Files to be Sorted
2014-01-15 03:17 - 2009-07-13 23:45 - 00460000 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 03:01 - 2013-08-14 09:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:00 - 2012-02-13 09:22 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 07:55 - 2009-07-14 00:08 - 00032596 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-07 09:35 - 2013-01-26 06:15 - 00000000 ____D () C:\Users\QBDataServiceUser23
2014-01-06 12:16 - 2012-02-08 03:54 - 00000000 ___RD () C:\Users\Pat\Desktop\1. Important files
 
Some content of TEMP:
====================
C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\_is4770.exe
C:\Users\Pat\AppData\Local\Temp\_is8E5F.exe
C:\Users\Pat\AppData\Local\Temp\_isBACC.exe
C:\Users\Pat\AppData\Local\Temp\_isD4F.exe
C:\Users\Pat\AppData\Local\Temp\_isE989.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-29 03:09
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04
Ran by Pat at 2014-02-01 11:57:45
Running from C:\Users\Pat\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (x32 Version: 6.00.1395.4512 - ABBYY Software House)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe Digital Editions 2.0 (x32 Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
ATI Catalyst Install Manager (Version: 3.0.790.0 - ATI Technologies, Inc.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.33 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.33 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (x32 Version: 8.0.0.41 - Research In Motion Ltd)
Broadcom 2070 Bluetooth 2.1 + EDR (Version: 6.2.1.1100 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0301.2343.42506 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2011.0301.2343.42506 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0301.2343.42506 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0301.2343.42506 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help English (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help French (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help German (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0301.2342.42506 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0301.2343.42506 - ATI) Hidden
ccc-utility64 (Version: 2011.0301.2343.42506 - ATI) Hidden
CCH eBooks (x32 Version: 1.0.13.5101 - Wolters Kluwer)
Crystal Reports9 (x32 Version: 2005.1020.1239.0001 - CCH Incorporated)
Crystal Reports9 (x32 Version: 2005.1020.1239.0001 - CCH Incorporated) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
Epson Event Manager (x32 Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (x32 Version:  - Seiko Epson Corporation)
EPSON Scan PDF EXtensions (x32 Version: 1.00.0000 - SEIKO EPSON Corp.)
ESET Online Scanner v3 (x32 Version:  - )
ESU for Microsoft Windows 7 (x32 Version: 1.0.0 - Hewlett-Packard)
Google Calendar Sync (x32 Version:  - )
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
HL-2270DW (x32 Version: 1.0.7.0 - Brother Industries, Ltd.)
Host_ActiveX_Controls (x32 Version: 1.0.0 - SAKSON)
HP Color LaserJet CP5520 Series (x32 Version:  - Hewlett-Packard)
HP LaserJet Enterprise 500 color M551 (x32 Version:  - Hewlett-Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (Version:  - )
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Wireless Assistant (Version: 4.0.7.0 - Hewlett-Packard Company)
HPLaserJetEnterprise500colorM551_HelpLearnCenter (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPLaserJetHelp_LearnCenter (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
IDT Audio (x32 Version: 1.0.6265.0 - IDT)
Intel® Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (x32 Version: 9.6.2.1001 - Intel Corporation)
ISIS Drivers (x32 Version: 1.00.0000 - EMC Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 (x32 Version: 3.0.5305.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.20.0 - NEC Electronics Corporation) Hidden
Norton Internet Security (x32 Version: 19.9.1.14 - Symantec Corporation)
Norton Management (x32 Version: 3.2.2.12 - Symantec Corporation)
Norton PC Checkup (x32 Version: 2.0.17.20 - Symantec Corporation)
Norton PC Checkup (x32 Version: 3.0.2.122.0 - NortonLive Services)
Portal (x32 Version: 12.13.0523.1014 - CCH Tax and Accounting. A Wolters Kluwer Company.)
ProSystem fx Tax (x32 Version:  - CCH Inc.)
ProSystem fx Workstation (x32 Version:  - CCH Inc)
QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (x32 Version: 22.0.4015.2206 - Intuit Inc.)
QuickBooks Pro 2013 (x32 Version: 23.0.4005.2305 - Intuit Inc.)
Quicken Converter (x32 Version: 22.1.1.21 - Intuit, Inc.)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009 - Realtek)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RTRP Exam Review 2012 (HKCU Version: 2012.1.0.0 - Matrix Learning Systems, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SupportSoft Assisted Service (x32 Version: 15 - SupportSoft)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.0.17.4 - Synaptics Incorporated)
System Files (x32 Version: 20.12.1022.1524 - CCH Tax and Accounting. A Wolters Kluwer Company.) Hidden
TaxInstallFiles (x32 Version: 08.08.1112.1106 - CCH Tax and Accounting. A Wolters Kluwer Company.)
TValue Version 5.20 Single User Edition (x32 Version:  - )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinZip Courier (x32 Version: 4.0.10284 - WinZip Computing, S.L. )
WorkForce Pro GT-S50 Scanner Driver Update (x32 Version:  - )
 
==================== Restore Points  =========================
 
26-01-2014 21:15:43 Norton_Power_Eraser_20140126161542478
29-01-2014 17:05:19 OTL Restore Point - 1/29/2014 12:05:18 PM
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {06D42306-D38C-46DA-AA6F-EF2ED4627112} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {146878C0-1E0D-4B6E-BBB4-DDE3291E9E45} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {160B45A7-D43F-4071-8C62-3AEF72E6A4EB} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {3EFA7C23-E094-431C-9753-C4C4984C915A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-23] (Adobe Systems Incorporated)
Task: {62821D50-0664-423D-95CB-27811C1FB9B5} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {A94743E5-DC2B-48B7-A143-68A7C80BF8DE} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {AF868613-9ABF-457B-ABC3-96E6A80C79B8} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {B1B6DAF1-3DCE-4017-838F-6E19E26A94A3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-01] (Google Inc.)
Task: {BFB82C2C-3501-4E83-9E78-6B2239C79B01} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\SymErr.exe [2012-10-18] (Symantec Corporation)
Task: {D62D15AD-9F8F-4AE6-9CA8-DB060869C3EC} - System32\Tasks\{7115DBB1-BABE-4D8F-B8D4-F4BDCEDBF98F} => C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE [2013-09-06] (Microsoft Corporation)
Task: {DF085BEB-D148-4E70-A800-2F6C2A7EE9E9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-01-02 10:26 - 2011-04-02 16:05 - 00290304 _____ () C:\Windows\System32\HP1100LM.DLL
2008-09-09 10:22 - 2008-09-09 10:22 - 00022016 _____ () C:\Windows\System32\sst1cl6.dll
2013-01-02 10:26 - 2011-04-02 16:04 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2010-04-23 17:55 - 2010-04-23 17:55 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-04-23 17:55 - 2010-04-23 17:55 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-23 17:56 - 2010-04-23 17:56 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2012-12-22 23:53 - 2012-12-22 23:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-16 10:04 - 2014-01-16 10:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-01-16 13:04 - 2014-01-16 13:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00063032 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll
2009-08-04 17:23 - 2009-08-04 17:23 - 00075320 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll
2009-08-04 17:22 - 2009-08-04 17:22 - 00136248 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll
2009-08-04 17:22 - 2009-08-04 17:22 - 00678968 _____ () C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll
2013-08-14 10:24 - 2013-08-14 10:24 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\eff228aa396c1d45248a54b44d7ce5a0\IsdiInterop.ni.dll
2012-02-08 03:43 - 2010-04-13 09:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-02-01 11:56 - 2014-01-23 00:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-02-01 11:56 - 2014-01-23 00:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-02-01 11:56 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-02-01 11:56 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-02-01 11:56 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/01/2014 11:49:32 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.
 
Error: (02/01/2014 11:49:32 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.
 
Error: (02/01/2014 11:46:21 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 08:17:14 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 08:17:14 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:29:12 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:29:12 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:28:08 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:28:07 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:27:50 AM) (Source: QuickBooks) (User: )
Description: An unexpected error has occured in "QuickBooks Pro 2013":
V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
 
System errors:
=============
Error: (02/01/2014 11:45:30 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Listener service terminated with service-specific error %%-2147023143.
 
Error: (01/31/2014 03:22:50 PM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{DA52A262-71FE-4878-9588-3B22D0C0CAFC}.
The backup browser is stopping.
 
Error: (01/31/2014 08:36:36 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR5.
 
Error: (01/31/2014 07:02:16 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (01/31/2014 07:02:15 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (01/31/2014 07:02:14 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (01/31/2014 07:02:11 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (01/31/2014 07:02:10 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (01/31/2014 07:02:10 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
Error: (01/31/2014 07:02:09 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR4.
 
 
Microsoft Office Sessions:
=========================
Error: (02/01/2014 11:49:32 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000
 
Error: (02/01/2014 11:49:32 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000
 
Error: (02/01/2014 11:46:21 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/01/2014 08:17:14 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 08:17:14 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:29:12 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:29:12 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:28:08 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:28:07 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
Error: (02/01/2014 07:27:50 AM) (Source: QuickBooks)(User: )
Description: QuickBooks Pro 2013V23.0D R12 (M=1066, L=339, C=249, V=0 (0))
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 24%
Total physical RAM: 8125.86 MB
Available physical RAM: 6096.11 MB
Total Pagefile: 16249.89 MB
Available Pagefile: 13846.39 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.69 GB) (Free:13.11 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 53E021CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=112 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



#4 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,015 posts
  • Interests:Boo!....
  • MVP

Posted 01 February 2014 - 11:19 AM

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
 

start
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\_is4770.exe
C:\Users\Pat\AppData\Local\Temp\_is8E5F.exe
C:\Users\Pat\AppData\Local\Temp\_isBACC.exe
C:\Users\Pat\AppData\Local\Temp\_isD4F.exe
C:\Users\Pat\AppData\Local\Temp\_isE989.exe
end



Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


adwcleaner_download.png
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~``

    -Junkware-Removal-Tool-

    Please download Junkware Removal Tool to your desktop.

    Vista / 7 / 8 users:
    You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please post:
    Fixlog.txt
    C:\AdwCleaner[S1].txt
    JRT.txt

    After you run these scans, also tell me what problems persist.

Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#5 mattpa2017

mattpa2017

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 01 February 2014 - 11:51 AM

I will have to continue some daily activities on my computer, I'll let you know ASAP if problems arise.

Thanks again for the help and I'll get back to you in a few hours if I encounter any problems.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Pat at 2014-02-01 12:27:32 Run:1
Running from C:\Users\Pat\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - No File
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe
C:\Users\Pat\AppData\Local\Temp\_is4770.exe
C:\Users\Pat\AppData\Local\Temp\_is8E5F.exe
C:\Users\Pat\AppData\Local\Temp\_isBACC.exe
C:\Users\Pat\AppData\Local\Temp\_isD4F.exe
C:\Users\Pat\AppData\Local\Temp\_isE989.exe
end
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKCR\PROTOCOLS\Handler\intu-help-qb2 => Key deleted successfully.
HKCR\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749} => Key not found.
HKCR\PROTOCOLS\Handler\intu-help-qb3 => Key deleted successfully.
HKCR\CLSID\{c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} => Key not found.
HKCR\PROTOCOLS\Handler\intu-help-qb5 => Key deleted successfully.
HKCR\CLSID\{867FCB77-9823-4cd6-8210-D85F968D466F} => Key not found.
HKCR\PROTOCOLS\Handler\intu-help-qb6 => Key deleted successfully.
HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491} => Key not found.
HKCR\PROTOCOLS\Handler\qbwc => Key deleted successfully.
HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\intu-help-qb2 => Key not found.
HKCR\Wow6432Node\CLSID\{84D77A00-41B5-4b8b-8ADF-86486D72E749} => Key not found.
HKCR\Wow6432Node\PROTOCOLS\Handler\intu-help-qb3 => Key not found.
HKCR\Wow6432Node\CLSID\{c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Users\Pat\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\Pat\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Pat\AppData\Local\Temp\_is4770.exe => Moved successfully.
C:\Users\Pat\AppData\Local\Temp\_is8E5F.exe => Moved successfully.
C:\Users\Pat\AppData\Local\Temp\_isBACC.exe => Moved successfully.
C:\Users\Pat\AppData\Local\Temp\_isD4F.exe => Moved successfully.
C:\Users\Pat\AppData\Local\Temp\_isE989.exe => Moved successfully.
 
==== End of Fixlog ====
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Pat on Sat 02/01/2014 at 12:36:10.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/01/2014 at 12:43:59.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.018 - Report created 01/02/2014 at 12:31:27
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pat - PATREEDCPA-PC
# Running from : C:\Users\Pat\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v32.0.1700.102
 
[ File : C:\Users\Pat\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R2].txt - [766 octets] - [01/02/2014 12:29:58]
AdwCleaner[S2].txt - [688 octets] - [01/02/2014 12:31:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [747 octets] ##########
 
 


#6 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,015 posts
  • Interests:Boo!....
  • MVP

Posted 01 February 2014 - 12:15 PM

is this the first time you ran TDSSKiller?

C:\TDSSKiller.2.8.16.0_28.01.2014_12.10.16_log.txt

if you would please post this log for review.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#7 mattpa2017

mattpa2017

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 01 February 2014 - 12:54 PM

Yes.  When the problem initially came up, I ran several anti-malware programs.

 

12:10:16.0687 4968  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:10:18.0689 4968  ============================================================
12:10:18.0689 4968  Current date / time: 2014/01/28 12:10:18.0689
12:10:18.0689 4968  SystemInfo:
12:10:18.0689 4968  
12:10:18.0689 4968  OS Version: 6.1.7601 ServicePack: 1.0
12:10:18.0689 4968  Product type: Workstation
12:10:18.0690 4968  ComputerName: PATREEDCPA-PC
12:10:18.0690 4968  UserName: Pat
12:10:18.0690 4968  Windows directory: C:\Windows
12:10:18.0690 4968  System windows directory: C:\Windows
12:10:18.0690 4968  Running under WOW64
12:10:18.0690 4968  Processor architecture: Intel x64
12:10:18.0690 4968  Number of processors: 8
12:10:18.0690 4968  Page size: 0x1000
12:10:18.0690 4968  Boot type: Normal boot
12:10:18.0690 4968  ============================================================
12:10:19.0132 4968  Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:10:19.0142 4968  ============================================================
12:10:19.0142 4968  \Device\Harddisk0\DR0:
12:10:19.0143 4968  MBR partitions:
12:10:19.0143 4968  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:10:19.0143 4968  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xDF61800
12:10:19.0143 4968  ============================================================
12:10:19.0147 4968  C: <-> \Device\Harddisk0\DR0\Partition2
12:10:19.0147 4968  ============================================================
12:10:19.0147 4968  Initialize success
12:10:19.0147 4968  ============================================================
12:10:21.0254 4236  ============================================================
12:10:21.0254 4236  Scan started
12:10:21.0255 4236  Mode: Manual; 
12:10:21.0255 4236  ============================================================
12:10:21.0429 4236  ================ Scan system memory ========================
12:10:21.0429 4236  System memory - ok
12:10:21.0430 4236  ================ Scan services =============================
12:10:21.0501 4236  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:10:21.0504 4236  1394ohci - ok
12:10:21.0508 4236  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
12:10:21.0509 4236  Accelerometer - ok
12:10:21.0517 4236  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:10:21.0520 4236  ACPI - ok
12:10:21.0524 4236  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:10:21.0525 4236  AcpiPmi - ok
12:10:21.0535 4236  [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:10:21.0535 4236  AdobeARMservice - ok
12:10:21.0578 4236  [ 2471BCB6E1388A3484E78243A1BE5F33 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:10:21.0579 4236  AdobeFlashPlayerUpdateSvc - ok
12:10:21.0590 4236  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:10:21.0596 4236  adp94xx - ok
12:10:21.0603 4236  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:10:21.0607 4236  adpahci - ok
12:10:21.0614 4236  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:10:21.0616 4236  adpu320 - ok
12:10:21.0623 4236  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:10:21.0623 4236  AeLookupSvc - ok
12:10:21.0652 4236  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe
12:10:21.0653 4236  AESTFilters - ok
12:10:21.0664 4236  [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
12:10:21.0670 4236  AFD - ok
12:10:21.0674 4236  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:10:21.0676 4236  agp440 - ok
12:10:21.0680 4236  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:10:21.0682 4236  ALG - ok
12:10:21.0685 4236  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:10:21.0687 4236  aliide - ok
12:10:21.0692 4236  [ 989FC1FA1F9D5D6B12857CF9C9295BD0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:10:21.0695 4236  AMD External Events Utility - ok
12:10:21.0699 4236  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:10:21.0700 4236  amdide - ok
12:10:21.0705 4236  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
12:10:21.0707 4236  AmdK8 - ok
12:10:21.0813 4236  [ D1B1031D96C170FF1622B9F66A8E253D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:10:21.0879 4236  amdkmdag - ok
12:10:21.0889 4236  [ 890666DBE733359B8253447AFD90C055 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
12:10:21.0890 4236  amdkmdap - ok
12:10:21.0894 4236  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
12:10:21.0896 4236  AmdPPM - ok
12:10:21.0900 4236  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:10:21.0903 4236  amdsata - ok
12:10:21.0909 4236  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
12:10:21.0912 4236  amdsbs - ok
12:10:21.0916 4236  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:10:21.0917 4236  amdxata - ok
12:10:21.0921 4236  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:10:21.0922 4236  AppID - ok
12:10:21.0926 4236  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:10:21.0928 4236  AppIDSvc - ok
12:10:21.0932 4236  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
12:10:21.0934 4236  Appinfo - ok
12:10:21.0940 4236  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
12:10:21.0943 4236  AppMgmt - ok
12:10:21.0948 4236  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
12:10:21.0950 4236  arc - ok
12:10:21.0956 4236  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:10:21.0958 4236  arcsas - ok
12:10:21.0975 4236  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
12:10:21.0977 4236  aspnet_state - ok
12:10:21.0981 4236  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:10:21.0982 4236  AsyncMac - ok
12:10:21.0986 4236  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:10:21.0986 4236  atapi - ok
12:10:21.0993 4236  [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
12:10:21.0994 4236  AtiHDAudioService - ok
12:10:22.0008 4236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:10:22.0015 4236  AudioEndpointBuilder - ok
12:10:22.0028 4236  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:10:22.0032 4236  AudioSrv - ok
12:10:22.0039 4236  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:10:22.0041 4236  AxInstSV - ok
12:10:22.0053 4236  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
12:10:22.0059 4236  b06bdrv - ok
12:10:22.0067 4236  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:10:22.0070 4236  b57nd60a - ok
12:10:22.0077 4236  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:10:22.0079 4236  BDESVC - ok
12:10:22.0082 4236  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:10:22.0083 4236  Beep - ok
12:10:22.0098 4236  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:10:22.0107 4236  BFE - ok
12:10:22.0138 4236  [ F14F048B4D05FBCE536250EA74BF9FDC ] BHDrvx64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20140121.001\BHDrvx64.sys
12:10:22.0145 4236  BHDrvx64 - ok
12:10:22.0161 4236  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
12:10:22.0171 4236  BITS - ok
12:10:22.0186 4236  [ 6E984D17526995C8FA9B65FFCE324A63 ] BlackBerry Device Manager C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
12:10:22.0189 4236  BlackBerry Device Manager - ok
12:10:22.0192 4236  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:10:22.0194 4236  blbdrive - ok
12:10:22.0198 4236  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:10:22.0200 4236  bowser - ok
12:10:22.0204 4236  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
12:10:22.0205 4236  BrFiltLo - ok
12:10:22.0209 4236  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
12:10:22.0210 4236  BrFiltUp - ok
12:10:22.0217 4236  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:10:22.0218 4236  Browser - ok
12:10:22.0226 4236  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:10:22.0230 4236  Brserid - ok
12:10:22.0234 4236  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:10:22.0235 4236  BrSerWdm - ok
12:10:22.0239 4236  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:10:22.0240 4236  BrUsbMdm - ok
12:10:22.0244 4236  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:10:22.0245 4236  BrUsbSer - ok
12:10:22.0252 4236  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
12:10:22.0256 4236  BrYNSvc - ok
12:10:22.0260 4236  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
12:10:22.0261 4236  BthEnum - ok
12:10:22.0266 4236  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:10:22.0267 4236  BTHMODEM - ok
12:10:22.0272 4236  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
12:10:22.0274 4236  BthPan - ok
12:10:22.0285 4236  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
12:10:22.0290 4236  BTHPORT - ok
12:10:22.0295 4236  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:10:22.0296 4236  bthserv - ok
12:10:22.0300 4236  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
12:10:22.0302 4236  BTHUSB - ok
12:10:22.0307 4236  [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
12:10:22.0308 4236  btwaudio - ok
12:10:22.0313 4236  [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
12:10:22.0314 4236  btwavdt - ok
12:10:22.0334 4236  [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins         c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
12:10:22.0343 4236  btwdins - ok
12:10:22.0348 4236  [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
12:10:22.0348 4236  btwl2cap - ok
12:10:22.0352 4236  [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
12:10:22.0352 4236  btwrchid - ok
12:10:22.0360 4236  [ 248C952C82DF1E23775432774CBB20F1 ] ccSet_MCLIENT   C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys
12:10:22.0361 4236  ccSet_MCLIENT - ok
12:10:22.0368 4236  [ 2C6FFCCA37B002AAB3C7C31A6D780A76 ] ccSet_NIS       C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
12:10:22.0370 4236  ccSet_NIS - ok
12:10:22.0375 4236  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:10:22.0377 4236  cdfs - ok
12:10:22.0382 4236  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:10:22.0384 4236  cdrom - ok
12:10:22.0389 4236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:10:22.0390 4236  CertPropSvc - ok
12:10:22.0394 4236  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
12:10:22.0396 4236  circlass - ok
12:10:22.0404 4236  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:10:22.0410 4236  CLFS - ok
12:10:22.0418 4236  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:10:22.0420 4236  clr_optimization_v2.0.50727_32 - ok
12:10:22.0433 4236  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:10:22.0437 4236  clr_optimization_v2.0.50727_64 - ok
12:10:22.0452 4236  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:10:22.0460 4236  clr_optimization_v4.0.30319_32 - ok
12:10:22.0464 4236  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:10:22.0470 4236  clr_optimization_v4.0.30319_64 - ok
12:10:22.0473 4236  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:10:22.0474 4236  CmBatt - ok
12:10:22.0478 4236  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:10:22.0480 4236  cmdide - ok
12:10:22.0490 4236  [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:10:22.0494 4236  CNG - ok
12:10:22.0499 4236  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:10:22.0499 4236  Compbatt - ok
12:10:22.0504 4236  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
12:10:22.0505 4236  CompositeBus - ok
12:10:22.0508 4236  COMSysApp - ok
12:10:22.0513 4236  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:10:22.0515 4236  crcdisk - ok
12:10:22.0522 4236  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:10:22.0524 4236  CryptSvc - ok
12:10:22.0536 4236  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
12:10:22.0542 4236  CSC - ok
12:10:22.0555 4236  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
12:10:22.0563 4236  CscService - ok
12:10:22.0567 4236  [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
12:10:22.0569 4236  dc3d - ok
12:10:22.0581 4236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:10:22.0587 4236  DcomLaunch - ok
12:10:22.0594 4236  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:10:22.0598 4236  defragsvc - ok
12:10:22.0602 4236  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:10:22.0604 4236  DfsC - ok
12:10:22.0612 4236  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:10:22.0615 4236  Dhcp - ok
12:10:22.0619 4236  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:10:22.0620 4236  discache - ok
12:10:22.0625 4236  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
12:10:22.0626 4236  Disk - ok
12:10:22.0630 4236  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
12:10:22.0632 4236  dmvsc - ok
12:10:22.0637 4236  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:10:22.0639 4236  Dnscache - ok
12:10:22.0646 4236  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:10:22.0649 4236  dot3svc - ok
12:10:22.0655 4236  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
12:10:22.0658 4236  Dot4 - ok
12:10:22.0662 4236  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
12:10:22.0663 4236  Dot4Print - ok
12:10:22.0667 4236  [ 488669CD1CD3BDCFDD9A5FDA72209069 ] Dot4Scan        C:\Windows\system32\DRIVERS\Dot4Scan.sys
12:10:22.0669 4236  Dot4Scan - ok
12:10:22.0673 4236  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
12:10:22.0674 4236  dot4usb - ok
12:10:22.0680 4236  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:10:22.0682 4236  DPS - ok
12:10:22.0685 4236  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:10:22.0687 4236  drmkaud - ok
12:10:22.0703 4236  [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:10:22.0708 4236  DXGKrnl - ok
12:10:22.0713 4236  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:10:22.0714 4236  EapHost - ok
12:10:22.0755 4236  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
12:10:22.0784 4236  ebdrv - ok
12:10:22.0795 4236  [ 1B7AA375F711F66D5FF2B855F9EC987F ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
12:10:22.0798 4236  eeCtrl - ok
12:10:22.0802 4236  [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
12:10:22.0803 4236  EFS - ok
12:10:22.0820 4236  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:10:22.0829 4236  ehRecvr - ok
12:10:22.0834 4236  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:10:22.0836 4236  ehSched - ok
12:10:22.0848 4236  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:10:22.0854 4236  elxstor - ok
12:10:22.0862 4236  [ 7230C8B80DDE1F0524C353240B78CC0E ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
12:10:22.0863 4236  EraserUtilRebootDrv - ok
12:10:22.0866 4236  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:10:22.0867 4236  ErrDev - ok
12:10:22.0880 4236  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:10:22.0884 4236  EventSystem - ok
12:10:22.0889 4236  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:10:22.0891 4236  exfat - ok
12:10:22.0896 4236  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:10:22.0899 4236  fastfat - ok
12:10:22.0912 4236  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:10:22.0921 4236  Fax - ok
12:10:22.0925 4236  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
12:10:22.0927 4236  fdc - ok
12:10:22.0930 4236  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:10:22.0931 4236  fdPHost - ok
12:10:22.0935 4236  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:10:22.0935 4236  FDResPub - ok
12:10:22.0939 4236  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:10:22.0940 4236  FileInfo - ok
12:10:22.0944 4236  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:10:22.0946 4236  Filetrace - ok
12:10:22.0957 4236  [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:10:22.0966 4236  FLEXnet Licensing Service - ok
12:10:22.0970 4236  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
12:10:22.0972 4236  flpydisk - ok
12:10:22.0980 4236  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:10:22.0983 4236  FltMgr - ok
12:10:22.0999 4236  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:10:23.0011 4236  FontCache - ok
12:10:23.0015 4236  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:10:23.0016 4236  FontCache3.0.0.0 - ok
12:10:23.0021 4236  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:10:23.0022 4236  FsDepends - ok
12:10:23.0027 4236  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:10:23.0027 4236  Fs_Rec - ok
12:10:23.0034 4236  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:10:23.0037 4236  fvevol - ok
12:10:23.0042 4236  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:10:23.0044 4236  gagp30kx - ok
12:10:23.0060 4236  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:10:23.0069 4236  gpsvc - ok
12:10:23.0075 4236  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:10:23.0077 4236  gupdate - ok
12:10:23.0081 4236  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:10:23.0082 4236  gupdatem - ok
12:10:23.0086 4236  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:10:23.0088 4236  hcw85cir - ok
12:10:23.0096 4236  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:10:23.0102 4236  HdAudAddService - ok
12:10:23.0107 4236  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:10:23.0109 4236  HDAudBus - ok
12:10:23.0113 4236  [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
12:10:23.0114 4236  HECIx64 - ok
12:10:23.0118 4236  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:10:23.0119 4236  HidBatt - ok
12:10:23.0124 4236  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:10:23.0126 4236  HidBth - ok
12:10:23.0131 4236  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:10:23.0132 4236  HidIr - ok
12:10:23.0137 4236  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
12:10:23.0138 4236  hidserv - ok
12:10:23.0142 4236  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:10:23.0143 4236  HidUsb - ok
12:10:23.0148 4236  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:10:23.0151 4236  hkmsvc - ok
12:10:23.0158 4236  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:10:23.0161 4236  HomeGroupListener - ok
12:10:23.0167 4236  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:10:23.0171 4236  HomeGroupProvider - ok
12:10:23.0177 4236  [ 53DCA61931847E35C950504BFB7559C6 ] HP LaserJet Service C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
12:10:23.0178 4236  HP LaserJet Service - ok
12:10:23.0185 4236  [ 47810BF7BF4480A602621E341BF46586 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
12:10:23.0187 4236  HP Wireless Assistant Service - ok
12:10:23.0191 4236  [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
12:10:23.0192 4236  hpdskflt - ok
12:10:23.0207 4236  [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
12:10:23.0214 4236  hpqwmiex - ok
12:10:23.0219 4236  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:10:23.0221 4236  HpSAMD - ok
12:10:23.0226 4236  [ F7BC8C61850E51FADA9087B6D3155023 ] HPSIService     C:\Windows\system32\HPSIsvc.exe
12:10:23.0229 4236  HPSIService - ok
12:10:23.0233 4236  [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv           C:\Windows\system32\Hpservice.exe
12:10:23.0234 4236  hpsrv - ok
12:10:23.0248 4236  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:10:23.0258 4236  HTTP - ok
12:10:23.0262 4236  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:10:23.0262 4236  hwpolicy - ok
12:10:23.0267 4236  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:10:23.0269 4236  i8042prt - ok
12:10:23.0281 4236  [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:10:23.0285 4236  iaStor - ok
12:10:23.0289 4236  [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
12:10:23.0290 4236  IAStorDataMgrSvc - ok
12:10:23.0300 4236  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:10:23.0306 4236  iaStorV - ok
12:10:23.0311 4236  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
12:10:23.0313 4236  IDriverT - ok
12:10:23.0328 4236  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:10:23.0339 4236  idsvc - ok
12:10:23.0351 4236  [ 777612849691B0D9EE064F93481FEFF1 ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20140127.001\IDSvia64.sys
12:10:23.0354 4236  IDSVia64 - ok
12:10:23.0358 4236  IEEtwCollectorService - ok
12:10:23.0363 4236  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:10:23.0364 4236  iirsp - ok
12:10:23.0379 4236  [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:10:23.0389 4236  IKEEXT - ok
12:10:23.0395 4236  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:10:23.0396 4236  intelide - ok
12:10:23.0401 4236  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:10:23.0401 4236  intelppm - ok
12:10:23.0406 4236  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:10:23.0408 4236  IPBusEnum - ok
12:10:23.0412 4236  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:10:23.0414 4236  IpFilterDriver - ok
12:10:23.0425 4236  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:10:23.0432 4236  iphlpsvc - ok
12:10:23.0436 4236  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:10:23.0438 4236  IPMIDRV - ok
12:10:23.0442 4236  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:10:23.0444 4236  IPNAT - ok
12:10:23.0448 4236  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:10:23.0449 4236  IRENUM - ok
12:10:23.0453 4236  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:10:23.0454 4236  isapnp - ok
12:10:23.0462 4236  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:10:23.0465 4236  iScsiPrt - ok
12:10:23.0469 4236  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:10:23.0469 4236  kbdclass - ok
12:10:23.0473 4236  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:10:23.0475 4236  kbdhid - ok
12:10:23.0478 4236  [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
12:10:23.0479 4236  KeyIso - ok
12:10:23.0484 4236  [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:10:23.0485 4236  KSecDD - ok
12:10:23.0490 4236  [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:10:23.0492 4236  KSecPkg - ok
12:10:23.0496 4236  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:10:23.0497 4236  ksthunk - ok
12:10:23.0505 4236  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:10:23.0510 4236  KtmRm - ok
12:10:23.0517 4236  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:10:23.0520 4236  LanmanServer - ok
12:10:23.0524 4236  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:10:23.0526 4236  LanmanWorkstation - ok
12:10:23.0532 4236  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:10:23.0533 4236  lltdio - ok
12:10:23.0541 4236  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:10:23.0545 4236  lltdsvc - ok
12:10:23.0549 4236  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:10:23.0550 4236  lmhosts - ok
12:10:23.0557 4236  [ 7485FBCEF9136F530953575E2977859D ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:10:23.0559 4236  LMS - ok
12:10:23.0565 4236  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:10:23.0567 4236  LSI_FC - ok
12:10:23.0572 4236  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:10:23.0575 4236  LSI_SAS - ok
12:10:23.0579 4236  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:10:23.0581 4236  LSI_SAS2 - ok
12:10:23.0586 4236  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:10:23.0588 4236  LSI_SCSI - ok
12:10:23.0592 4236  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:10:23.0594 4236  luafv - ok
12:10:23.0603 4236  [ 4BA84C832E0741A294C4444556DFE993 ] MCLIENT         C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe
12:10:23.0603 4236  MCLIENT - ok
12:10:23.0608 4236  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:10:23.0611 4236  Mcx2Svc - ok
12:10:23.0615 4236  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:10:23.0616 4236  megasas - ok
12:10:23.0624 4236  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:10:23.0628 4236  MegaSR - ok
12:10:23.0633 4236  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:10:23.0634 4236  MMCSS - ok
12:10:23.0637 4236  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:10:23.0639 4236  Modem - ok
12:10:23.0643 4236  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:10:23.0643 4236  monitor - ok
12:10:23.0647 4236  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:10:23.0647 4236  mouclass - ok
12:10:23.0651 4236  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:10:23.0653 4236  mouhid - ok
12:10:23.0657 4236  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:10:23.0658 4236  mountmgr - ok
12:10:23.0664 4236  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:10:23.0667 4236  mpio - ok
12:10:23.0672 4236  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:10:23.0674 4236  mpsdrv - ok
12:10:23.0689 4236  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:10:23.0700 4236  MpsSvc - ok
12:10:23.0706 4236  [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:10:23.0708 4236  MRxDAV - ok
12:10:23.0714 4236  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:10:23.0716 4236  mrxsmb - ok
12:10:23.0724 4236  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:10:23.0727 4236  mrxsmb10 - ok
12:10:23.0732 4236  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:10:23.0734 4236  mrxsmb20 - ok
12:10:23.0738 4236  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:10:23.0739 4236  msahci - ok
12:10:23.0744 4236  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:10:23.0746 4236  msdsm - ok
12:10:23.0751 4236  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:10:23.0754 4236  MSDTC - ok
12:10:23.0761 4236  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:10:23.0762 4236  Msfs - ok
12:10:23.0765 4236  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:10:23.0766 4236  mshidkmdf - ok
12:10:23.0770 4236  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:10:23.0770 4236  msisadrv - ok
12:10:23.0776 4236  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:10:23.0779 4236  MSiSCSI - ok
12:10:23.0782 4236  msiserver - ok
12:10:23.0786 4236  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:10:23.0788 4236  MSKSSRV - ok
12:10:23.0791 4236  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:10:23.0792 4236  MSPCLOCK - ok
12:10:23.0796 4236  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:10:23.0797 4236  MSPQM - ok
12:10:23.0805 4236  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:10:23.0808 4236  MsRPC - ok
12:10:23.0814 4236  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:10:23.0814 4236  mssmbios - ok
12:10:23.0818 4236  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:10:23.0819 4236  MSTEE - ok
12:10:23.0823 4236  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:10:23.0824 4236  MTConfig - ok
12:10:23.0828 4236  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:10:23.0828 4236  Mup - ok
12:10:23.0839 4236  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:10:23.0843 4236  napagent - ok
12:10:23.0858 4236  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:10:23.0861 4236  NativeWifiP - ok
12:10:23.0867 4236  [ 702E07EC32F96ACDB873E9A5465D4401 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20140128.002\ENG64.SYS
12:10:23.0868 4236  NAVENG - ok
12:10:23.0895 4236  [ 302EA314A1AF0D7CEF0A3D0195F79561 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20140128.002\EX64.SYS
12:10:23.0906 4236  NAVEX15 - ok
12:10:23.0923 4236  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:10:23.0933 4236  NDIS - ok
12:10:23.0938 4236  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:10:23.0939 4236  NdisCap - ok
12:10:23.0943 4236  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:10:23.0945 4236  NdisTapi - ok
12:10:23.0948 4236  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:10:23.0950 4236  Ndisuio - ok
12:10:23.0955 4236  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:10:23.0957 4236  NdisWan - ok
12:10:23.0961 4236  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:10:23.0963 4236  NDProxy - ok
12:10:23.0968 4236  [ 1AB24A3DF1A458FA517364CBD69CCDF6 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
12:10:23.0969 4236  Net Driver HPZ12 - ok
12:10:23.0973 4236  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:10:23.0974 4236  NetBIOS - ok
12:10:23.0981 4236  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:10:23.0984 4236  NetBT - ok
12:10:23.0988 4236  [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
12:10:23.0989 4236  Netlogon - ok
12:10:23.0998 4236  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:10:24.0002 4236  Netman - ok
12:10:24.0007 4236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:24.0013 4236  NetMsmqActivator - ok
12:10:24.0017 4236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:24.0018 4236  NetPipeActivator - ok
12:10:24.0028 4236  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:10:24.0033 4236  netprofm - ok
12:10:24.0039 4236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:24.0040 4236  NetTcpActivator - ok
12:10:24.0044 4236  [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:10:24.0045 4236  NetTcpPortSharing - ok
12:10:24.0156 4236  [ EB43840BABF5589E33186D094DE7381D ] NETwNs64        C:\Windows\system32\DRIVERS\NETwNs64.sys
12:10:24.0221 4236  NETwNs64 - ok
12:10:24.0227 4236  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:10:24.0229 4236  nfrd960 - ok
12:10:24.0237 4236  [ F2840DBFE9322F35557219AE82CC4597 ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
12:10:24.0238 4236  NIS - ok
12:10:24.0246 4236  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:10:24.0250 4236  NlaSvc - ok
12:10:24.0257 4236  Norton PC Checkup Application Launcher - ok
12:10:24.0262 4236  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:10:24.0263 4236  Npfs - ok
12:10:24.0267 4236  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:10:24.0269 4236  nsi - ok
12:10:24.0273 4236  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:10:24.0273 4236  nsiproxy - ok
12:10:24.0297 4236  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:10:24.0311 4236  Ntfs - ok
12:10:24.0316 4236  [ 317020D31F1696334679B9D0416EB62E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
12:10:24.0318 4236  NuidFltr - ok
12:10:24.0322 4236  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:10:24.0323 4236  Null - ok
12:10:24.0327 4236  [ 088CD71003F21F96F01C63955150A1FB ] nusb3hub        C:\Windows\system32\DRIVERS\nusb3hub.sys
12:10:24.0329 4236  nusb3hub - ok
12:10:24.0335 4236  [ D90A2D44E93DAEA47AEA946D9E87000F ] nusb3xhc        C:\Windows\system32\DRIVERS\nusb3xhc.sys
12:10:24.0338 4236  nusb3xhc - ok
12:10:24.0344 4236  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:10:24.0347 4236  nvraid - ok
12:10:24.0354 4236  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:10:24.0357 4236  nvstor - ok
12:10:24.0361 4236  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:10:24.0364 4236  nv_agp - ok
12:10:24.0368 4236  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:10:24.0370 4236  ohci1394 - ok
12:10:24.0376 4236  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:10:24.0378 4236  ose - ok
12:10:24.0449 4236  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:10:24.0490 4236  osppsvc - ok
12:10:24.0502 4236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:10:24.0507 4236  p2pimsvc - ok
12:10:24.0518 4236  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:10:24.0523 4236  p2psvc - ok
12:10:24.0528 4236  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\drivers\parport.sys
12:10:24.0530 4236  Parport - ok
12:10:24.0535 4236  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:10:24.0536 4236  partmgr - ok
12:10:24.0542 4236  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:10:24.0545 4236  PcaSvc - ok
12:10:24.0552 4236  [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr      C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe
12:10:24.0553 4236  PCCUJobMgr - ok
12:10:24.0559 4236  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:10:24.0562 4236  pci - ok
12:10:24.0566 4236  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:10:24.0567 4236  pciide - ok
12:10:24.0574 4236  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:10:24.0577 4236  pcmcia - ok
12:10:24.0580 4236  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:10:24.0581 4236  pcw - ok
12:10:24.0592 4236  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:10:24.0602 4236  PEAUTH - ok
12:10:24.0623 4236  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
12:10:24.0638 4236  PeerDistSvc - ok
12:10:24.0680 4236  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:10:24.0682 4236  PerfHost - ok
12:10:24.0712 4236  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:10:24.0731 4236  pla - ok
12:10:24.0744 4236  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:10:24.0750 4236  PlugPlay - ok
12:10:24.0755 4236  [ 17A0A09C8C1CA72BBFB3D9E3B0A5E018 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
12:10:24.0757 4236  Pml Driver HPZ12 - ok
12:10:24.0762 4236  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:10:24.0765 4236  PNRPAutoReg - ok
12:10:24.0774 4236  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:10:24.0777 4236  PNRPsvc - ok
12:10:24.0782 4236  [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
12:10:24.0783 4236  Point64 - ok
12:10:24.0794 4236  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:10:24.0799 4236  PolicyAgent - ok
12:10:24.0807 4236  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:10:24.0810 4236  Power - ok
12:10:24.0814 4236  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:10:24.0816 4236  PptpMiniport - ok
12:10:24.0821 4236  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
12:10:24.0822 4236  Processor - ok
12:10:24.0829 4236  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:10:24.0831 4236  ProfSvc - ok
12:10:24.0835 4236  [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
12:10:24.0836 4236  ProtectedStorage - ok
12:10:24.0841 4236  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:10:24.0843 4236  Psched - ok
12:10:24.0849 4236  [ 7D1014036A7D97601A9BC1BD65C3BAEA ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:10:24.0850 4236  QBCFMonitorService - ok
12:10:24.0854 4236  [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:10:24.0856 4236  QBFCService - ok
12:10:24.0879 4236  [ 0C7B65C8743442A37152FCFAC5F7D16A ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
12:10:24.0889 4236  QBVSS - ok
12:10:24.0910 4236  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:10:24.0926 4236  ql2300 - ok
12:10:24.0931 4236  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:10:24.0934 4236  ql40xx - ok
12:10:24.0956 4236  QuickBooksDB23 - ok
12:10:24.0962 4236  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:10:24.0966 4236  QWAVE - ok
12:10:24.0970 4236  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:10:24.0972 4236  QWAVEdrv - ok
12:10:24.0976 4236  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:10:24.0977 4236  RasAcd - ok
12:10:24.0982 4236  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:10:24.0983 4236  RasAgileVpn - ok
12:10:24.0988 4236  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:10:24.0991 4236  RasAuto - ok
12:10:24.0995 4236  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:10:24.0997 4236  Rasl2tp - ok
12:10:25.0005 4236  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:10:25.0009 4236  RasMan - ok
12:10:25.0014 4236  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:10:25.0016 4236  RasPppoe - ok
12:10:25.0020 4236  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:10:25.0022 4236  RasSstp - ok
12:10:25.0029 4236  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:10:25.0032 4236  rdbss - ok
12:10:25.0036 4236  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:10:25.0037 4236  rdpbus - ok
12:10:25.0041 4236  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:10:25.0042 4236  RDPCDD - ok
12:10:25.0048 4236  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
12:10:25.0051 4236  RDPDR - ok
12:10:25.0055 4236  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:10:25.0056 4236  RDPENCDD - ok
12:10:25.0061 4236  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:10:25.0061 4236  RDPREFMP - ok
12:10:25.0067 4236  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:10:25.0079 4236  RDPWD - ok
12:10:25.0086 4236  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:10:25.0088 4236  rdyboost - ok
12:10:25.0093 4236  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:10:25.0095 4236  RemoteAccess - ok
12:10:25.0103 4236  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:10:25.0107 4236  RemoteRegistry - ok
12:10:25.0114 4236  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
12:10:25.0116 4236  RFCOMM - ok
12:10:25.0121 4236  [ 010C9C26AF2464023D1F084975E69F80 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
12:10:25.0121 4236  RimUsb - ok
12:10:25.0126 4236  [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
12:10:25.0127 4236  RimVSerPort - ok
12:10:25.0132 4236  [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys
12:10:25.0133 4236  ROOTMODEM - ok
12:10:25.0137 4236  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:10:25.0138 4236  RpcEptMapper - ok
12:10:25.0142 4236  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:10:25.0143 4236  RpcLocator - ok
12:10:25.0154 4236  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
12:10:25.0157 4236  RpcSs - ok
12:10:25.0161 4236  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:10:25.0163 4236  rspndr - ok
12:10:25.0170 4236  [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:10:25.0171 4236  RSUSBSTOR - ok
12:10:25.0179 4236  [ 777FC2C418465404E3D8A290DC247D24 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
12:10:25.0183 4236  RTL8167 - ok
12:10:25.0186 4236  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
12:10:25.0188 4236  s3cap - ok
12:10:25.0191 4236  [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
12:10:25.0192 4236  SamSs - ok
12:10:25.0196 4236  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:10:25.0199 4236  sbp2port - ok
12:10:25.0205 4236  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:10:25.0208 4236  SCardSvr - ok
12:10:25.0212 4236  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:10:25.0213 4236  scfilter - ok
12:10:25.0230 4236  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:10:25.0240 4236  Schedule - ok
12:10:25.0245 4236  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:10:25.0246 4236  SCPolicySvc - ok
12:10:25.0252 4236  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:10:25.0254 4236  SDRSVC - ok
12:10:25.0259 4236  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:10:25.0260 4236  secdrv - ok
12:10:25.0264 4236  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:10:25.0266 4236  seclogon - ok
12:10:25.0270 4236  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
12:10:25.0271 4236  SENS - ok
12:10:25.0275 4236  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:10:25.0277 4236  SensrSvc - ok
12:10:25.0281 4236  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:10:25.0283 4236  Serenum - ok
12:10:25.0287 4236  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
12:10:25.0289 4236  Serial - ok
12:10:25.0294 4236  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:10:25.0295 4236  sermouse - ok
12:10:25.0304 4236  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:10:25.0308 4236  SessionEnv - ok
12:10:25.0311 4236  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:10:25.0313 4236  sffdisk - ok
12:10:25.0316 4236  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:10:25.0318 4236  sffp_mmc - ok
12:10:25.0321 4236  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:10:25.0323 4236  sffp_sd - ok
12:10:25.0326 4236  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:10:25.0328 4236  sfloppy - ok
12:10:25.0336 4236  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:10:25.0341 4236  SharedAccess - ok
12:10:25.0349 4236  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:10:25.0353 4236  ShellHWDetection - ok
12:10:25.0357 4236  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
12:10:25.0359 4236  SiSRaid2 - ok
12:10:25.0364 4236  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:10:25.0366 4236  SiSRaid4 - ok
12:10:25.0370 4236  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:10:25.0372 4236  Smb - ok
12:10:25.0378 4236  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:10:25.0380 4236  SNMPTRAP - ok
12:10:25.0384 4236  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:10:25.0385 4236  spldr - ok
12:10:25.0396 4236  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:10:25.0404 4236  Spooler - ok
12:10:25.0455 4236  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:10:25.0486 4236  sppsvc - ok
12:10:25.0491 4236  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:10:25.0494 4236  sppuinotify - ok
12:10:25.0508 4236  [ 891793E00432FA055CF040605C260E49 ] SRTSP           C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS
12:10:25.0512 4236  SRTSP - ok
12:10:25.0516 4236  [ 1CB7BB3B0561FB5ECFE37F7731E8BF3E ] SRTSPX          C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS
12:10:25.0517 4236  SRTSPX - ok
12:10:25.0528 4236  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:10:25.0533 4236  srv - ok
12:10:25.0543 4236  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:10:25.0548 4236  srv2 - ok
12:10:25.0554 4236  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:10:25.0557 4236  srvnet - ok
12:10:25.0564 4236  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:10:25.0566 4236  SSDPSRV - ok
12:10:25.0571 4236  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:10:25.0573 4236  SstpSvc - ok
12:10:25.0607 4236  [ 5752BACEF32A6803528D05A6FB266758 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\STacSV64.exe
12:10:25.0610 4236  STacSV - ok
12:10:25.0615 4236  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
12:10:25.0616 4236  stexstor - ok
12:10:25.0630 4236  [ 936A4D05F7A790B8AAB3B6BE61651E0E ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
12:10:25.0638 4236  STHDA - ok
12:10:25.0653 4236  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:10:25.0663 4236  stisvc - ok
12:10:25.0669 4236  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
12:10:25.0670 4236  storflt - ok
12:10:25.0674 4236  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
12:10:25.0677 4236  StorSvc - ok
12:10:25.0682 4236  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
12:10:25.0684 4236  storvsc - ok
12:10:25.0689 4236  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:10:25.0690 4236  swenum - ok
12:10:25.0704 4236  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:10:25.0711 4236  swprv - ok
12:10:25.0723 4236  [ 8B2430762099598DA40686F754632EFD ] SymDS           C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS
12:10:25.0729 4236  SymDS - ok
12:10:25.0749 4236  [ 5CB7F2FD7E30A0F52F93574BFC3A8041 ] SymEFA          C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS
12:10:25.0763 4236  SymEFA - ok
12:10:25.0770 4236  [ 894579207E39C465737E850A252CE4F2 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
12:10:25.0772 4236  SymEvent - ok
12:10:25.0777 4236  [ B681D1B0F9596684225DCC9B94C6BACF ] SymIM           C:\Windows\system32\DRIVERS\SymIMv.sys
12:10:25.0778 4236  SymIM - ok
12:10:25.0784 4236  [ 5013A76CAAA1D7CF1C55214B490B4E35 ] SymIRON         C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS
12:10:25.0786 4236  SymIRON - ok
12:10:25.0797 4236  [ 3911BD0E68C010E5438A87706ABBE9AB ] SymNetS         C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS
12:10:25.0800 4236  SymNetS - ok
12:10:25.0809 4236  [ 3A706A967295E16511E40842B1A2761D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:10:25.0811 4236  SynTP - ok
12:10:25.0837 4236  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:10:25.0858 4236  SysMain - ok
12:10:25.0863 4236  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:10:25.0866 4236  TabletInputService - ok
12:10:25.0874 4236  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:10:25.0879 4236  TapiSrv - ok
12:10:25.0883 4236  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:10:25.0886 4236  TBS - ok
12:10:25.0912 4236  [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:10:25.0932 4236  Tcpip - ok
12:10:25.0958 4236  [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:10:25.0970 4236  TCPIP6 - ok
12:10:25.0977 4236  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:10:25.0979 4236  tcpipreg - ok
12:10:25.0984 4236  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:10:25.0986 4236  TDPIPE - ok
12:10:25.0990 4236  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:10:25.0992 4236  TDTCP - ok
12:10:25.0996 4236  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:10:25.0999 4236  tdx - ok
12:10:26.0003 4236  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:10:26.0004 4236  TermDD - ok
12:10:26.0018 4236  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:10:26.0029 4236  TermService - ok
12:10:26.0033 4236  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:10:26.0035 4236  Themes - ok
12:10:26.0040 4236  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:10:26.0041 4236  THREADORDER - ok
12:10:26.0046 4236  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:10:26.0048 4236  TrkWks - ok
12:10:26.0054 4236  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:10:26.0057 4236  TrustedInstaller - ok
12:10:26.0063 4236  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:10:26.0065 4236  tssecsrv - ok
12:10:26.0069 4236  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:10:26.0071 4236  TsUsbFlt - ok
12:10:26.0075 4236  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
12:10:26.0077 4236  TsUsbGD - ok
12:10:26.0082 4236  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:10:26.0084 4236  tunnel - ok
12:10:26.0089 4236  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:10:26.0091 4236  uagp35 - ok
12:10:26.0099 4236  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:10:26.0103 4236  udfs - ok
12:10:26.0111 4236  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:10:26.0114 4236  UI0Detect - ok
12:10:26.0118 4236  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:10:26.0120 4236  uliagpkx - ok
12:10:26.0124 4236  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:10:26.0125 4236  umbus - ok
12:10:26.0129 4236  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:10:26.0131 4236  UmPass - ok
12:10:26.0137 4236  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
12:10:26.0142 4236  UmRdpService - ok
12:10:26.0171 4236  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:10:26.0191 4236  UNS - ok
12:10:26.0201 4236  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:10:26.0205 4236  upnphost - ok
12:10:26.0211 4236  [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:10:26.0213 4236  usbccgp - ok
12:10:26.0218 4236  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:10:26.0220 4236  usbcir - ok
12:10:26.0225 4236  [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
12:10:26.0226 4236  usbehci - ok
12:10:26.0235 4236  [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:10:26.0239 4236  usbhub - ok
12:10:26.0243 4236  [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:10:26.0245 4236  usbohci - ok
12:10:26.0249 4236  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:10:26.0251 4236  usbprint - ok
12:10:26.0256 4236  [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:10:26.0257 4236  usbscan - ok
12:10:26.0262 4236  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:10:26.0264 4236  USBSTOR - ok
12:10:26.0268 4236  [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:10:26.0270 4236  usbuhci - ok
12:10:26.0276 4236  [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:10:26.0278 4236  usbvideo - ok
12:10:26.0282 4236  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:10:26.0284 4236  UxSms - ok
12:10:26.0287 4236  [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
12:10:26.0288 4236  VaultSvc - ok
12:10:26.0292 4236  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:10:26.0293 4236  vdrvroot - ok
12:10:26.0305 4236  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:10:26.0312 4236  vds - ok
12:10:26.0316 4236  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:10:26.0318 4236  vga - ok
12:10:26.0322 4236  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:10:26.0323 4236  VgaSave - ok
12:10:26.0329 4236  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:10:26.0332 4236  vhdmp - ok
12:10:26.0336 4236  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:10:26.0338 4236  viaide - ok
12:10:26.0344 4236  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
12:10:26.0347 4236  vmbus - ok
12:10:26.0351 4236  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
12:10:26.0353 4236  VMBusHID - ok
12:10:26.0357 4236  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:10:26.0358 4236  volmgr - ok
12:10:26.0366 4236  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:10:26.0370 4236  volmgrx - ok
12:10:26.0378 4236  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:10:26.0381 4236  volsnap - ok
12:10:26.0387 4236  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:10:26.0389 4236  vsmraid - ok
12:10:26.0413 4236  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:10:26.0429 4236  VSS - ok
12:10:26.0433 4236  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:10:26.0435 4236  vwifibus - ok
12:10:26.0439 4236  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:10:26.0440 4236  vwififlt - ok
12:10:26.0445 4236  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:10:26.0446 4236  vwifimp - ok
12:10:26.0454 4236  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:10:26.0460 4236  W32Time - ok
12:10:26.0465 4236  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:10:26.0466 4236  WacomPen - ok
12:10:26.0471 4236  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:10:26.0473 4236  WANARP - ok
12:10:26.0477 4236  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:10:26.0477 4236  Wanarpv6 - ok
12:10:26.0497 4236  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:10:26.0509 4236  WatAdminSvc - ok
12:10:26.0531 4236  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:10:26.0548 4236  wbengine - ok
12:10:26.0555 4236  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:10:26.0559 4236  WbioSrvc - ok
12:10:26.0566 4236  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:10:26.0570 4236  wcncsvc - ok
12:10:26.0574 4236  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:10:26.0577 4236  WcsPlugInService - ok
12:10:26.0581 4236  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
12:10:26.0581 4236  Wd - ok
12:10:26.0598 4236  [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:10:26.0607 4236  Wdf01000 - ok
12:10:26.0611 4236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:10:26.0613 4236  WdiServiceHost - ok
12:10:26.0616 4236  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:10:26.0617 4236  WdiSystemHost - ok
12:10:26.0624 4236  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
12:10:26.0629 4236  WebClient - ok
12:10:26.0635 4236  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:10:26.0640 4236  Wecsvc - ok
12:10:26.0644 4236  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:10:26.0645 4236  wercplsupport - ok
12:10:26.0650 4236  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:10:26.0653 4236  WerSvc - ok
12:10:26.0656 4236  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:10:26.0657 4236  WfpLwf - ok
12:10:26.0661 4236  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:10:26.0663 4236  WIMMount - ok
12:10:26.0666 4236  WinDefend - ok
12:10:26.0672 4236  WinHttpAutoProxySvc - ok
12:10:26.0684 4236  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:10:26.0687 4236  Winmgmt - ok
12:10:26.0713 4236  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:10:26.0733 4236  WinRM - ok
12:10:26.0741 4236  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:10:26.0743 4236  WinUsb - ok
12:10:26.0759 4236  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:10:26.0769 4236  Wlansvc - ok
12:10:26.0772 4236  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:10:26.0773 4236  WmiAcpi - ok
12:10:26.0781 4236  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:10:26.0783 4236  wmiApSrv - ok
12:10:26.0787 4236  WMPNetworkSvc - ok
12:10:26.0791 4236  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:10:26.0793 4236  WPCSvc - ok
12:10:26.0798 4236  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:10:26.0799 4236  WPDBusEnum - ok
12:10:26.0803 4236  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:10:26.0805 4236  ws2ifsl - ok
12:10:26.0810 4236  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
12:10:26.0813 4236  wscsvc - ok
12:10:26.0817 4236  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
12:10:26.0819 4236  WSDPrintDevice - ok
12:10:26.0823 4236  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
12:10:26.0824 4236  WSDScan - ok
12:10:26.0827 4236  WSearch - ok
12:10:26.0860 4236  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:10:26.0884 4236  wuauserv - ok
12:10:26.0890 4236  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:10:26.0892 4236  WudfPf - ok
12:10:26.0898 4236  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:10:26.0901 4236  WUDFRd - ok
12:10:26.0906 4236  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:10:26.0908 4236  wudfsvc - ok
12:10:26.0914 4236  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:10:26.0931 4236  WwanSvc - ok
12:10:26.0942 4236  ================ Scan global ===============================
12:10:26.0945 4236  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:10:26.0952 4236  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:10:26.0961 4236  [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:10:26.0965 4236  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:10:26.0974 4236  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:10:26.0978 4236  [Global] - ok
12:10:26.0978 4236  ================ Scan MBR ==================================
12:10:26.0980 4236  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:10:27.0208 4236  \Device\Harddisk0\DR0 - ok
12:10:27.0209 4236  ================ Scan VBR ==================================
12:10:27.0212 4236  [ 3B63FAE326680E63F6A25A5C4931891E ] \Device\Harddisk0\DR0\Partition1
12:10:27.0215 4236  \Device\Harddisk0\DR0\Partition1 - ok
12:10:27.0219 4236  [ 8DD7C7FF8F4AB3016FEA4A901D797AA9 ] \Device\Harddisk0\DR0\Partition2
12:10:27.0221 4236  \Device\Harddisk0\DR0\Partition2 - ok
12:10:27.0222 4236  ============================================================
12:10:27.0222 4236  Scan finished
12:10:27.0222 4236  ============================================================
12:10:27.0237 4616  Detected object count: 0
12:10:27.0237 4616  Actual detected object count: 0
12:10:53.0358 4812  Deinitialize success


#8 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,015 posts
  • Interests:Boo!....
  • MVP

Posted 01 February 2014 - 01:48 PM

If this was the first log ran and it came back clean, this is good.

I'm contemplating what we should do next, there doesn't appear to be anything in the back ground now, but sometimes it's just impossible to know.

What we can do from here is run a few more scans to ensure things are normal.

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwareby.../products/mbar/
2. Unzip the File to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run mbar.exe

Image1.png

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

mbarwm.png

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

6. The following image opens, select Next.

Image2.png

7. The following image opens, select Update

Image3.png

8. When the Update completes, select Next

Image4.png

9. In the following window ensure "Targets" are ticked. Then select "Scan"

Image5.png

10. If an infection/s is found the "Cleanup Button" to remove threats will be available. A list of infected files will be listed like the following example:

MBAntiRKclean.png

11. Do not select the "Clean up Button" select the "Exit" button, there will be a warning as follows:

MBAntiRKclean1.png

12. Select "Yes" to close down the program. If NO infections were found you will see the following image:

Image6.png

13. Select "Exit" to close down.
14. Copy and paste the two following logs from the mbar folder:

System - log
Mbar - log Date and time of scan will also be shown

Image10.png


Post those two logs in your reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes and use the default font)
Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

#9 mattpa2017

mattpa2017

    New Member

  • Authentic Member
  • Pip
  • 5 posts

Posted 01 February 2014 - 03:29 PM

I can get the logs posted here and update you on any remaining problems on Monday when I get back into the office.  Thanks



#10 Juliet

Juliet

    SuperHelper

  • Classroom Teacher
  • 7,015 posts
  • Interests:Boo!....
  • MVP

Posted 01 February 2014 - 04:08 PM

:thumbup:


Sometimes the angels fly close enough to you that you can hear the flutter of their wings...

Want to help others? Join the ClassRoom and learn how.
MS - MVP Consumer Security 2009 - 2016, WI-MVP 2016-17
Antivirus Scanners Online Scanners Firewalls Slow Computer??

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users