don01

Full Member
  • Content count

    54

About don01

  • Rank
    Member
  1. Beginning on 7/24/15 at about 4pm ET, I noticed extreme sluggishness in pc response. The GUI appeared to be completely unresponsive except for mouse movement. No response to keystrokes or mouse clicks. After forcing a reboot by pressing the power button, I found the pc was showing the blue screen. Eventually I was able to get the login screen. After login, pc continued to be extremely sluggish. However the pc began responding normally after mbam shut down with an error message. This occurred about 1 hour after re-start.

     Error message:
     Malwarebytes anti-malware encountered a problem and needed to close
     data in message: mbamservice.exe ver 3.2.13.0 offset 00006008

     My mbam version is 2.1.8.1057
     My Win XP Pro version is SP3

     I uninstalled Mbam so that I don’t accidentally open the user interface and click ‘fix now’ (to turn on real time protection). That was one action that triggered the sluggishness.

     I have used MBAM successfully for some years on this pc. We have seen similar misbehavior on several other XP pc’s, also beginning on 7/24 and also involving Mbam. I am curious whether other people are also seeing this problem this week.

     I attach DDS logs made after uninstalling mbam (7/25 330pm) and after a subsequent reboot (510pm).

     EDIT: Most of our helpers will not download files that they did not specifically request that you attach... As you might guess, we have no way of knowing what might be in a downloaded file and malware creators might want to infect our helpers' computers... We allow plenty of room in a post to copy/paste your logs, so please use it rather than attaching a file unless asked... Please read the instructions at the top of each forum and our Instructions http://www.spywareinfoforum.com/index.php?showtopic=79038 Thank you...

     dds-150725-330pm.txt
     dds-150725-510pm.txt
     dds-attach 150725-330pm.txt
     dds-attach 150725-510pm.txt
  2. Thanks very much for your courteous help. I will try the forum you recommended. I’m curious whether the fixes that were done were important on their own, separate from the question of whether they affected the main problems that concern me. For example, do you know whether some of them represent malware or are they just detritus from imperfect installations and updates?
  3. Thanks nasdaq for the suggestion. Unfortunately, this kb entry appears to refer to Windows 3.1 and is not relevant. By searching MS support, I found kb/957009, which said a time synchronization problem could be a cause. I re-sync’d to internet time. This didn’t work.

     --

     Another experiment. I changed the Workgroup name. After the change, I rebooted (as required). I found that the Net View command succeeded, but showed only the local pc. I found that browsing the windows network shows the new workgroup name (only this one), with the local pc listed as a member. When I open the local pc, I see its shares. I still cannot see the other pc’s on the lan. This is either a small bit of progress or just a fluke resulting from the reboot.

     --

     I noticed that there is another Farbar software, called Farbar Service Scanner. Could this be helpful?

     I’m curious whether the fixes that were done were important on their own, separate from the question of whether they affected the main problems that concern me.
  4. After reboot net view command produced the 6118 error, as before.
  5. I ran the FRST fix. here's the log. I have not yet exercised the pc to see its behavior.
  6. Here is the FRST log:
2015-07-09 00:07 - 2012-10-20 11:17 - 00000000 ____D C:\Documents and Settings\Don\Desktop\Anti-Spyware
2015-07-08 23:58 - 2014-04-03 00:55 - 00000384 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-07-08 23:58 - 2010-12-25 19:20 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-07-08 23:55 - 2012-08-08 23:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-08 23:52 - 2011-04-02 18:48 - 00000000 ____D C:\Temp
2015-07-08 23:52 - 2010-12-25 13:39 - 00655364 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-08 23:51 - 2010-12-25 19:17 - 01213999 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-08 23:50 - 2012-09-30 22:37 - 00000000 ____D C:\Program Files\POPFile
2015-07-08 23:50 - 2011-04-02 18:39 - 00000000 ____D C:\Program Files\Keyboard Express 3
2015-07-08 23:49 - 2014-03-14 20:40 - 00000218 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2015-07-08 23:49 - 2013-07-07 15:19 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-08 23:49 - 2013-02-04 11:31 - 00000282 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-08 23:49 - 2013-02-04 11:31 - 00000274 _____ C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-08 23:49 - 2012-10-27 23:16 - 00000274 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-08 23:49 - 2008-04-13 19:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-08 23:48 - 2014-04-22 10:17 - 00098520 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 23:48 - 2012-08-25 15:16 - 08405015 _____ C:\WINDOWS\TempFile
2015-07-08 23:48 - 2010-12-25 19:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-08 23:48 - 2010-12-25 13:40 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-07-08 23:48 - 2010-12-25 13:40 - 00000048 _____ C:\WINDOWS\wiaservc.log
2015-07-08 23:46 - 2013-10-11 07:55 - 00820416 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2015-07-08 23:46 - 2012-09-30 14:16 - 00679517 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1060284298-1965331169-1801674531-1003-0.dat
2015-07-08 23:46 - 2012-09-30 14:16 - 00137242 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2015-07-08 23:46 - 2010-12-25 19:23 - 00000178 ___SH C:\Documents and Settings\Don\ntuser.ini
2015-07-08 23:46 - 2010-12-25 19:20 - 00032398 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-08 23:42 - 2012-08-19 10:08 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-08 23:42 - 2010-12-25 19:23 - 00000000 ____D C:\Documents and Settings\Don
2015-07-08 23:36 - 2014-01-24 02:22 - 00000510 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-08 23:26 - 2013-07-07 15:19 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-08 23:23 - 2011-04-03 00:03 - 00002479 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
2015-07-08 20:30 - 2015-01-02 20:25 - 02351104 _____ C:\Documents and Settings\Don\My Documents\DC Timelog 150101on.xls
2015-07-08 19:55 - 2012-08-08 23:41 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-07-08 19:55 - 2012-08-08 23:41 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-07-08 19:48 - 2015-05-30 17:07 - 00000606 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-08 15:00 - 2014-03-14 20:40 - 00000212 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2015-07-08 10:19 - 2011-04-03 00:03 - 00002477 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2015-07-08 09:59 - 2012-10-27 23:16 - 00000282 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-08 02:22 - 2012-09-30 21:28 - 00000000 ____D C:\Documents and Settings\Don\Local Settings\Application Data\BounceBack Express
2015-07-07 23:38 - 2013-02-25 00:17 - 00000322 ____N C:\WINDOWS\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1060284298-1965331169-1801674531-1003.job
2015-07-07 18:27 - 2013-07-07 15:20 - 00001813 ____N C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2015-07-07 09:39 - 2011-04-02 16:17 - 00000000 ____D C:\Documents and Settings\Don\My Documents\My PSP8 Files
2015-07-06 18:33 - 2011-04-03 00:03 - 00002465 ____N C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
2015-07-06 10:03 - 2014-04-22 10:07 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-05 06:11 - 2012-10-20 15:16 - 00246952 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-03 00:07 - 2010-12-25 13:32 - 00000000 ____D C:\WINDOWS\Help
2015-07-01 10:59 - 2012-09-29 12:25 - 00000000 ____D C:\Documents and Settings\Don\Application Data\Skype
2015-06-27 13:28 - 2014-04-22 10:08 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-27 13:28 - 2012-10-20 16:17 - 00000777 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-26 16:20 - 2015-04-21 10:58 - 00000000 ____D C:\Documents and Settings\Don\Local Settings\Application Data\WebEx
2015-06-22 22:41 - 2012-09-22 13:19 - 00000000 __SHD C:\WINDOWS\CSC
2015-06-18 21:06 - 2012-11-01 16:55 - 00000000 ____D C:\V614r1
2015-06-18 08:41 - 2014-04-22 10:07 - 00121560 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2012-10-20 16:17 - 00023256 ____N (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-16 22:24 - 2014-03-19 13:03 - 00000754 ____N C:\WINDOWS\wordpad.INI
2015-06-10 12:17 - 2013-07-15 15:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-10 12:11 - 2010-12-26 01:24 - 136900096 ____N (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 02:34 - 2011-04-02 18:50 - 00000000 ____D C:\V531r1

==================== Files in the root of some directories =======

2012-09-29 17:20 - 2012-09-29 17:24 - 0000918 ____N () C:\Documents and Settings\Don\Local Settings\Application Data\admin.anduril
2012-08-24 12:01 - 2015-02-12 17:00 - 0024064 ____N () C:\Documents and Settings\Don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-21 20:39 - 2012-10-21 20:39 - 0001292 ____N () C:\Documents and Settings\Don\Local Settings\Application Data\FASTWiz.html

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

and here is the FRST Addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Don at 2015-07-09 00:07:58
Running from C:\Documents and Settings\Don\Desktop\Anti-Spyware
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1060284298-1965331169-1801674531-500 - Administrator - Enabled)
ASPNET (S-1-5-21-1060284298-1965331169-1801674531-1005 - Limited - Enabled)
Don (S-1-5-21-1060284298-1965331169-1801674531-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Don
Guest (S-1-5-21-1060284298-1965331169-1801674531-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1060284298-1965331169-1801674531-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1060284298-1965331169-1801674531-1002 - Limited - Disabled)
User (S-1-5-21-1060284298-1965331169-1801674531-1004 - Limited - Enabled) => %SystemDrive%\Documents and Settings\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7.30 (HKLM\...\{C0D81D7D-EF7F-4E07-B68A-AA2A5CD94C30}) (Version: 7.30.1 - Veeco)
AccelerometerP11 (HKLM\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.00.12 - STMicroelectronics)
ACT! (HKLM\...\ACT!) (Version: - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
AJC Directory Synchronizer v1.16.6 (HKLM\...\AJC Directory Synchronizer_is1) (Version: - AJC Software)
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AXIS Media Control (HKLM\...\AXIS Media Control) (Version: - )
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
BounceBack Express (HKU\S-1-5-21-1060284298-1965331169-1801674531-1003\...\{95632566-071E-4A02-92C1-4BD907065736}) (Version: 8.0 - CMS Products)
Canon Auto Update Service (HKLM\...\Auto Update Service) (Version: 1.1.0.13 - Canon Inc.)
Canon Camera Access Library (HKLM\...\CAL) (Version: 8.5.0.2 - Canon Inc.)
Canon DIGITAL CAMERA Solution Disk Software Guide (HKLM\...\Software Guide) (Version: 1.6.0.1 - Canon Inc.)
CANON iMAGE GATEWAY MyCamera Download Plugin (HKLM\...\MyCamera Download Plugin) (Version: 3.1.1.2 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Decoder (HKLM\...\Canon MOV Decoder) (Version: 1.9.0.8 - Canon Inc.)
Canon MOV Encoder (HKLM\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon PowerShot SX150 IS Camera User Guide (HKLM\...\CameraUserGuide-PSSX150IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM\...\CameraWindowDC8) (Version: 8.6.0.11 - Canon Inc.)
Canon Utilities CameraWindow Launcher (HKLM\...\CameraWindowLauncher) (Version: 7.6.0.1 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM\...\MovieUploaderForYouTube) (Version: 1.3.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM\...\MyCamera) (Version: 7.5.0.1 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM\...\ZoomBrowser EX) (Version: 6.8.0.10 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
Cisco WebEx Meetings (HKLM\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Online Launcher (HKLM\...\{F17C3DC2-2ACA-4B0E-BDBF-ACE61B14E7CD}) (Version: 1.0.183 - Citrix)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dell ControlVault Host Components Installer (Version: 1.7.459.360 - Broadcom Corporation) Hidden
Dell Security Device Driver Pack (HKLM\...\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}) (Version: 1.4.055 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1007.101.210 - ALPS ELECTRIC CO., LTD.)
DiscTrack Plus (HKLM\...\DiscTrack Plus) (Version: - )
Dropbox (HKU\S-1-5-21-1060284298-1965331169-1801674531-1003\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DSPDriver (HKLM\...\InstallShield_{5A85B978-5A76-47F0-9CA9-E09A72A702CD}) (Version: 1.00.0000 - Veeco)
DSPDriver (Version: 1.00.0000 - Veeco) Hidden
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
Garmin Communicator Plugin (HKLM\...\{032A13FF-D26D-4844-9597-7EF698627985}) (Version: 4.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.27.5 - Google Inc.) Hidden
GoToMeeting 7.2.2.2970 (HKU\S-1-5-21-1060284298-1965331169-1801674531-1003\...\GoToMeeting) (Version: 7.2.2.2970 - CitrixOnline)
Hardlock Device Drivers (HKLM\...\Hardlock Device Drivers) (Version: - )
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HiJackThis (HKLM\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HP Webcam Software Suite (HKLM\...\{D10FE2E3-B2DE-4B0E-ACBD-F87A566B9649}) (Version: - ArcSoft)
HP Webcam Software Suite (HKLM\...\InstallShield_{F96B04F9-26A9-4384-AA17-77EACA1BA40B}) (Version: 1.00.0000 - Hewlett-Packard)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6285.0 - IDT)
Image Importer Wizard (HKLM\...\{20EDB9A7-887F-47ED-B1E6-E2831FAD276F}) (Version: 3.0 - )
Integrated Webcam Driver (1.01.01.0531) (HKLM\...\Creative OA015) (Version: 1.01.01.0531 - Creative Technology Ltd.)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.2 - Intel)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.10.5361 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
Jasc Paint Shop Pro 8 (HKLM\...\{81A34902-9D0B-4920-A25C-4CDC5D14B328}) (Version: 8.00.0000 - Jasc Software Inc)
Jasc Paint Shop Pro 8.10 Update Patch (HKLM\...\Jasc Paint Shop Pro 8.10 Update Patch) (Version: - )
Keyboard Express 3 (HKLM\...\Keyboard Express 3) (Version: 3.0 - Insight Software Solutions, Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.9327 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server Management Studio Express (HKLM\...\{20608BFA-6068-48FE-A410-400F2A124C27}) (Version: 9.00.3042.00 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
Nanoscope 5.31r1 (HKLM\...\Nanoscope 5.31r1) (Version: - )
NanoScope Analysis (HKLM\...\{9DE085E2-5F55-499F-9479-4CC8F21C14CE}) (Version: 1.40 - Bruker)
National Instruments Software (HKLM\...\NI Uninstaller) (Version: - )
Network ScanGear Ver.1.4 (HKLM\...\{16EFC313-F083-4C16-AEB7-1FF1A4343540}) (Version: - )
NI LabVIEW Run-Time Engine 7.1 (Version: 7.1.157 - National Instruments) Hidden
Passport 5 (HKLM\...\{A4688EFB-59DB-42F6-9118-36EDFC7C93E3}) (Version: 5.07.02 - ASAP Systems)
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5408 - CyberLink Corp.)
QuickBooks (Version: 22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks File Doctor (HKLM\...\{183FB66D-0455-4713-824A-0BD0C7EDDA5E}) (Version: 3.6.8 - Intuit)
QuickBooks Pro 2012 (HKLM\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4016.2206 - Intuit Inc.)
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
RICOH Media Driver ver.2.11.01.02 (HKLM\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.11.01.02 - RICOH)
Roxio Creator DE 10.3 (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.3 - Roxio)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SPIP (Version: 6.2.6 - Image Metrology) Hidden
SPIP (Version: 6.3.4 - Image Metrology) Hidden
SPIP 6.2.6 (HKLM\...\InstallShield_{DE44D573-6FEE-4E19-A566-6B76F1910B3C}) (Version: 6.2.6 - Image Metrology)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TexasInstVCPDriver (HKLM\...\InstallShield_{5B4D3C86-33EF-4E69-8A93-E09055457C96}) (Version: 1.00.0000 - Veeco)
TexasInstVCPDriver (Version: 1.00.0000 - Veeco) Hidden
UPEK TouchChip Fingerprint Reader (Version: 1.2.0 - Dell Inc.) Hidden
V614r1 (HKLM\...\{9B102AE1-04B4-473F-8C5F-F5FAF245E99C}) (Version: 6.14.0001 - Veeco)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-1060284298-1965331169-1801674531-1003\...\WinDirStat) (Version: - )
Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
Windows Driver Package - Digital Instruments, Inc (umpusbxp) MultiportSerial (11/01/2004 1.2.11.03) (HKLM\...\8F6CE51DC42BBD5E6AA0B8FAE79C78953B60F507) (Version: 11/01/2004 1.2.11.03 - Digital Instruments, Inc)
Windows Driver Package - Sheldon Instruments (SIPLXWDM) SIPLXWDM (01/12/2006 ) (HKLM\...\2D9D0338A06B2F657E88D8BB8A97DC4CE8DC616B) (Version: 01/12/2006 - Sheldon Instruments)
Windows Driver Package - Texas Instruments (umpusbxp) Ports (11/01/2004 1.2.11.03) (HKLM\...\0E59206838A6ED10C029ADE214ED1C78B8ACAC12) (Version: 11/01/2004 1.2.11.03 - Texas Instruments)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
WinZip (HKLM\...\WinZip) (Version: 9.0 SR-1 (6224) - WinZip Computing, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Documents and Settings\Don\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{05EC5C13-D255-4592-9CCB-98615172F0D6}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{0ADF9C35-0D5E-4B75-88DD-B64868907E17}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{123FAF7F-3FB1-4B8F-AD18-0047401D436A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{37A2FC00-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{37A2FC02-1795-4679-94A3-A153F1A8BB54}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{4716D3CE-55DB-4D2A-818C-87D912895890}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{4844F3F7-2161-4AC4-B219-B3B4311782AA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{4A56F19E-9F50-4F43-93C8-050E44AA83A9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{4CA41277-032D-4a20-B225-371EBA96ABF2}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{4E5E74B5-8EB5-4859-A335-837EED412620}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{5428A9ED-6CD8-11D6-9C8A-0001023DCAA2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{547C8F00-5567-4AE3-8BB0-CC3CE2AB9070}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{57D590F1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{596801D8-2C9D-4627-9C67-195CB81B655A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{5B7331FA-8910-4748-A8A4-60B445041F28}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{5ED8AC89-B2DE-476D-8EEA-E170B2FCB058}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{7694F1CD-A55B-4B7C-8820-A90892EB4E9E}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{7DBF8260-30AD-4D1B-876A-8032B87B809F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{828E5386-74CF-4019-B356-C857CD028A7D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{82CC31B3-53B4-4161-A4E9-6B4F1290A6C8}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files\Citrix\GoToMeeting\2392\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{8572570D-12D9-4F2C-8BB8-EB8848178B94}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{8E590317-1329-11D1-B70B-00805F29CD16}\localserver32 -> C:\Program Files\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{8FEDE364-AB37-4551-80C9-6D468E222AB2}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{9D9B61F2-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{9D9B61F3-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{9D9B61F4-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{9D9B61F5-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{9D9B61F6-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{9D9B61F7-9E2B-492A-81B3-AA5A1CCFBC3A}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{A63E42D0-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{A63E42D2-9C63-47B5-ABF2-0C839EC20778}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{AF5E0A13-CEAB-47CE-991D-77E82CD1BF3F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{B10BFAC3-EFF1-40D9-ADA0-BEBE037C24CA}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{B66F2BF1-91EB-44CE-8088-AE4AE19D30A1}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBObjProxy.dll (Intuit Inc.)
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll No File
CustomCLSID: HKU\S-1-5-21-1060284298-1965331169-1801674531-1003_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll No File
CustomCLSID: HKU\S-1-5-2
  7. I ran Zoek as instructed. After the reboot, I was able to run Net view successfully. But it only saw the local pc, not another on the network. That other pc was also able to run net View, and listed itself and my laptop. Neither PC could browse the other using: run \\servername\

Zoek log follows.
===
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Don on Wed 07/08/2015 at 23:30:27.78.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Don\Desktop\Anti-Spyware\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

7/8/2015 11:32:56 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\Program Files\Garmin deleted successfully
C:\Program Files\MSXML 4.0 deleted successfully
C:\Program Files\Common Files\SWF Studio deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nuance deleted successfully
C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser deleted successfully
C:\Documents and Settings\Don\Application Data\Malwarebytes deleted successfully
C:\Documents and Settings\NetworkService\Application Data\ID Vault deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Matrox deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\WMTools Downloaded Files deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\Program Files\Garmin not found
C:\Program Files\ComPlus Applications deleted
C:\Program Files\WindowsUpdate deleted
C:\Program Files\Constant Guard Protection Suite deleted
C:\Documents and Settings\Don\Application Data\PassportServers.txt deleted
C:\Documents and Settings\Don\Application Data\FileDrTool.log deleted
C:\Documents and Settings\Don\usrusmt2.tmp deleted
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Package Cache deleted
C:\Documents and Settings\Don\Local Settings\Application Data\FASTWiz.log deleted
C:\Documents and Settings\User\Local Settings\Application Data\d3d9caps.tmp deleted
C:\WINDOWS\isRS-000.tmp deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted
C:\WINDOWS\system32\GroupPolicy\Adm deleted
C:\WINDOWS\system32\GroupPolicy\Machine deleted
C:\WINDOWS\system32\GroupPolicy\User deleted
C:\WINDOWS\system32\GroupPolicy\gpt.ini deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [09/16/2013 09:41 AM]

==== Chromium Look ======================

Google Chrome Version: 43.0.2357.132

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[08/14/2013 03:24 PM]

RealDownloader - Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Chrome Hotword Shared Module - Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Fix ======================

C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices110.fidelity.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices110.fidelity.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices120.fidelity.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices120.fidelity.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices200.fidelity.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices200.fidelity.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices300.fidelity.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\https_workplaceservices300.fidelity.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.powerreviews.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_services.powerreviews.com_0.localstorage-journal deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.searshomeservices.com_0.localstorage deleted successfully
C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_www.searshomeservices.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.asmicro.com/applications/faq.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.asmicro.com/applications/faq.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{22BBD2F6-EEBD-4C2A-8236-6FDD5FADE20E}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{22BBD2F6-EEBD-4C2A-8236-6FDD5FADE20E} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={ outputEncoding?}"
{70D46D94-BF1E-45ED-B567-48701376298E} Google Desktop Url="http://127.0.0.1:4664/search&s=v-cHcpoFM6ZG5QzMpex4H-Z9FCM?q={searchTerms}"

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Don\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Don\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Documents and Settings\Don\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=40 folders=16 15381080 bytes)

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully
C:\Documents and Settings\Don\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temp will be emptied at reboot
C:\Documents and Settings\User\Local Settings\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\Don\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Don\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_358.dat" not found

==== EOF on Wed 07/08/2015 at 23:49:32.95 ======================
  8. One more recent oddity of my PC. When I open a PowerPoint file, the "modified date" changes to the current date.
  9. Network problems on my Dell notebook pc (running Win XP SP3) started in April and were first noted on 4/27/15. The pc is used on two LANs, both are peer to peer networks containing Win XP pc’s. One of these LANs has a Win7 PC.

My pc cannot browse the Windows Network beyond seeing the name of its workgroup. At the run command, opening shared folders on other pc’s (like \\server1\d) fails. Error: “The network path was not found.”

To access files on other pc’s on the LAN, the workaround is to “map network drive” using the server’s IP address and the share name. This works.

My pc’s print jobs sometimes get lost, especially from Adobe Reader X. When this happens, status information in Windows Printers indicates that some data was transferred. After a few minutes, an error is reported - job ‘did not print’.

My pc sometimes interferes with network activities of other pc’s, e.g. print jobs from those pc’s may be lost. It is necessary for me to delete the failed job from my pc’s print queue.

My pc cannot open certain databases served on other pc’s. I suspect this is related to the server name problem, but the mapped drive workaround does not cure this problem.

Troubleshooting in Windows:

The “net view” command fails with error:
System error 6118 has occurred.
The list of servers for this workgroup is not currently available
(The only time net view succeeded was on a network containing two pc’s and my pc booted first.)

Sometimes the net view command fails on another pc on the network when my pc is on that LAN. My pc is not visible to the net view command run on another pc, nor is it listed as a client on the router.

Online information found for error 6118 suggests that there is a possible conflict with the “Master Browser”. But I don’t know how to proceed.

One day in May we shut down all pc’s on the LAN, rebooted the router, and started one pc at a time. This identified my pc as the likely cause of network problems. This reboot seemed to eliminate the problem for other pc’s, where they were sometimes unable to browse the network properly.

Other info:
My pc has been protected by MBAM since the beginning. I have followed the instructions for posting to this forum and my diagnostic reports follow.

popups -- none
hijacked browser - no
AV or MBAM detections - no
sluggish - no

Recently I found that a second Dell notebook PC (XP SP3, with similar but not identical hardware) showed the same “net view” problem. This occurred while my pc was attached to the network.

== MBAM log follows ===
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/2/2015
Scan Time: 12:18:04 AM
Logfile: mbam-150702-0031am.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.01.05
Rootkit Database: v2015.07.01.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Don

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 379132
Time Elapsed: 24 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)
(end)

=== DDS.txt follows ===
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Don at 8:25:04 on 2015-07-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3510.2380 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IDT\WDM\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\CMS Products\BounceBack Express\BBWatcherService.exe
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\OA015Mon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\HP\Button Manager\BM.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\Keyboard Express 3\keyexp.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\POPFile\wperl.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.asmicro.com/applications/faq.htm
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Watch for Browser Events: {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - c:\program files\keyboard express 3\kie.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [iAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OA015Mon] c:\windows\OA015Mon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\don\startm~1\programs\startup\runpop~1.lnk - c:\program files\popfile\wperl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBStartup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpbutt~1.lnk - c:\program files\hp\button manager\BM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\intuit~1.lnk - c:\program files\common files\intuit\dataprotect\IntuitDataProtect.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\keyboa~1.lnk - c:\program files\keyboard express 3\keyexp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~2.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\intuit\quickbooks 2012\QBW32.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\announce.txt
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2B24B8F5-8FAD-4933-8E6C-3CAAEEA4D217} - hxxp://wireless-ucsecure.uchicago.edu/tools/xc_loader_activex.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341884454265
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341884447015
DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://141.213.21.113/activex/AMC.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc.cab
TCP: NameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{AB40CA81-8F91-4E57-93EA-2840F7062DD6} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{B170342D-2DB5-4E53-9F22-2489A561518E} : DHCPNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - c:\program files\intuit\quickbooks 2012\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\43.0.2357.130\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 231960]
R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-12-26 17072]
R2 BBWatcherService;BBWatcherService;c:\program files\cms products\bounceback express\BBWatcherService.exe [2012-9-30 36864]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2010-3-24 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2010-3-24 27040]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-12-26 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-12-26 60928]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-4-22 1871160]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-4-22 1133880]
R2 QBVSS;QBIDPService;c:\program files\common files\intuit\dataprotect\QBIDPService.exe [2011-12-6 1248256]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-12-25 59904]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\hp webcam software suite\magic-i visual effects 2\uCamMonitor.exe [2013-6-16 104960]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-12-26 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-12-25 113664]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2013-6-16 14336]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-12-26 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-12-26 168616]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-12-26 132480]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-12-26 260864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-20 23256]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-4-22 98520]
R3 OA015Afx;Provides a software interface to control audio effects of OA015 camera.;c:\windows\system32\drivers\OA015Afx.sys [2010-12-26 134144]
R3 OA015Vid;Creative Camera OA015 Function Driver;c:\windows\system32\drivers\OA015Vid.sys [2010-12-26 273568]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\drivers\nvtcam.sys [2013-6-16 2696960]
S3 DiMeiMC;MEI MC Stage;c:\windows\system32\drivers\DiMeiMC.sys [2012-11-12 7832]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2012-8-24 30192]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2015-07-02 02:30:29 9252600 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ddd3640e-0893-4e97-bb41-f780f703de76}\mpengine.dll
2015-07-01 00:43:56 9252600 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-06-26 19:01:48 -------- d-----w- c:\program files\WebEx
.
==================== Find3M ====================
.
2015-07-02 11:54:47 98520 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-06-24 03:55:29 778416 ------w- c:\windows\system32\FlashPlayerApp.exe
2015-06-24 03:55:29 142512 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-06-18 12:41:46 121560 ------w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 12:41:36 23256 ------w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 8:25:41.29 ===============

====Security check log follows===
Results of screen317's Security Check version 1.004
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.11 Adobe Reader out of Date!
Google Chrome (43.0.2357.124)
Google Chrome (43.0.2357.130)
Google Chrome (Plugins...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 4%
````````````````````End of Log``````````````````````
  10. Since my last post, I've installed some Dell updates and made other software changes. For the most part, the pc is now working ok. I will post a summary of these activities when I get time, as it may be helpful to others who use this forum.
  11. Thanks. I reviewed the MBAM logs. It never detected any bad objects, so it never removed anything. I'll look into the DirectX update. I'll probably post some news in a few days.
  12. After reading about write combining and frame buffers at: http://en.wikipedia.org/wiki/Write-combining and http://en.wikipedia.org/wiki/Framebuffer, it seems to me that the horizontal banded display is a failure that relates to write combining within the frame buffer.
  13. There are other manifestations of the display problem. On 10/10/12 I was working in Word 2000 when I saw a black background that made a portion of text unreadable. This problem went away when I changed the Word display mode from "Web Layout" to "Normal". "Print layout" was also ok.

>>>>Display setting change on 10/10/12<<<<

At this time, I changed the Display properties at:
Display properties - settings - advanced - troubleshoot

The original settings were:
Hardware acceleration is Full
Enable Write combining is checked

I changed to:
Hardware accel = None
disable write combining
and rebooted to apply the new settings.

On 10/12/12 I observed that the system seems to be well behaved. The only concern is slow graphic refresh rate. I worked with Word, Powerpoint and GotoMeeting with video display for a total of a couple hours each day on 10/11 and on 10/12.

>>>Display setting change<<<<

At the end of day on 10/12, I changed the display setting of Hardware acceleration, restoring it to "Full". Although I did not have to reboot, I did so. I saw that Word displayed faster. I left the system on over the weekend.

On 10/15/12 the status was ok, but I worked with it only for 10 minutes that day.

On 10/16 at noon, there was a problem: start menu would not open. A few min. later I found it had opened. Graphics painting in Adobe reader is slow - I can see the text area being painted. Later I figured out that this was due to disabling write combining.

On 10/17/12 status was ok - able to open and close Start menu without getting the banded display. After working for a couple hours I decided the graphic painting is annoyingly slow. I enabled write combining at 427pm. Reboot was required. I worked with the system for another hour with no problems. I left it on overnight.

10/18/12 - this morning I ran the DxDiag and have been working with the system for 1.5 hours with no problems.
  14. You asked: Do you remember when you started experiencing these things? Did it start suddenly or just gradually get worse? === I reviewed my notes. The problem started suddenly on 10/1/12, after the very first time that MBAM ran a scheduled scan. (See my very first post on this topic for additional details.)
  15. Sorry, I missed your earlier post. Here are the results from DxDiag.
Parser,0x00400000,1,1,quartz.dll,6.05.2600.6169 Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.6169 File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.6169 XML Playlist,0x00400000,1,0,wmpasf.dll,11.00.5721.5145 Canon WAV Dest,0x00200000,0,0,CanonWavDest.ax,3.02.0000.0004 CyberLink Line21 Decoder Filter,0x00200000,0,2,CLLine21.ax,4.00.0000.9027 AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.5512 Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.6169 File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.6169 File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.6169 WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000 WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000 WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000 Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000 Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.5512 QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.6169 MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.6169 psWav Dest,0x00200000,0,0,psWavDes.ax,1.01.0000.0002 Indeo® video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003 Indeo® video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003 WDM Streaming Tee/Splitter Devices: Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5512 WDM Streaming Data Transforms: Microsoft Kernel Acoustic Echo Canceller,0x00000000,0,0,, Microsoft Kernel GS Wavetable Synthesizer,0x00200000,1,1,,5.03.2600.5512 Microsoft Kernel DLS Synthesizer,0x00200000,1,1,,5.03.2600.5512 Microsoft Kernel DRM Audio Descrambler,0x00200000,1,1,,5.03.2600.5512 Video Compressors: WMVideo8 Encoder DMO,0x00600800,1,1,, MSScreen encoder DMO,0x00600800,1,1,, WMVideo9 Encoder DMO,0x00600800,1,1,, MSScreen 9 encoder DMO,0x00600800,1,1,, DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.5512 Indeo® video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055 MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.6169 Cinepak Codec by 
Radius,0x00200000,1,1,qcap.dll,6.05.2600.5512 Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.5512 Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.5512 Intel Indeo® Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.5512 Indeo® video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.5512 Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.5512 Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5512 Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5512 Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.5512 Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.5512 Audio Compressors: WMA Voice Encoder DMO,0x00600800,1,1,, WM Speech Encoder DMO,0x00600800,1,1,, WMAudio Encoder DMO,0x00600800,1,1,, IAC2,0x00200000,1,1,quartz.dll,6.05.2600.6169 IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.6169 PCM,0x00200000,1,1,quartz.dll,6.05.2600.6169 Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.6169 ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.6169 DSP Group TrueSpeech,0x00200000,1,1,quartz.dll,6.05.2600.6169 Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.6169 Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.6169 GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.6169 Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.6169 CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.6169 CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.6169 MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.6169 Audio Capture Sources: IDT Audio,0x00200000,0,0,qcap.dll,6.05.2600.5512 Midi Renderers: Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.6169 Microsoft GS Wavetable SW Synth,0x00200000,1,0,quartz.dll,6.05.2600.6169 WDM Streaming Capture Devices: IDT Audio,0x00000000,0,0,, Integrated Webcam,0x00200000,1,1,,5.03.2600.5512 WDM Streaming Rendering Devices: IDT Audio,0x00000000,0,0,, BDA Rendering Filters: BDA IP Sink,0x00200000,1,1,,5.03.2600.5512 Video Capture Sources: Integrated Webcam,0x00200000,1,1,,5.03.2600.5512 WDM Streaming Mixer Devices: 
Microsoft Kernel Wave Audio Mixer,0x00000000,0,0,, BDA CP/CA Filters: Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2600.6161 Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2600.6161 XDS Codec,0x00200000,0,0,encdec.dll,6.05.2600.6161 WDM Streaming Communication Transforms: Tee/Sink-to-Sink Converter,0x00200000,1,1,,5.03.2600.5512 Audio Renderers: IDT Audio,0x00200000,1,0,quartz.dll,6.05.2600.6169 CyberLink Audio Renderer,0x00200000,1,0,cladr.ax,6.00.0000.5222 Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.6169 Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.6169 DirectSound: IDT Audio,0x00200000,1,0,quartz.dll,6.05.2600.6169 WDM Streaming System Devices: IDT Audio,0x00200000,9,2,,5.03.2600.5512 BDA Receiver Component: BDA Slip De-Framer,0x00600000,1,1,,5.03.2600.5512 ====