Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Wife´s Lap Infected [Solved]


  • This topic is locked This topic is locked

#1
hcelizondo

hcelizondo

    Member

  • Member
  • PipPip
  • 32 posts
Hi Guys, mi wife's lap is infected. I barely use this computer but today i was updating itunes and then i received a message indicating me that the McAffee suscription had expired. I have been trying to test MSE for some time and I thought it was the perfect chance to do it. I proceed to uninstall McAffee and after googling for the MSE dowload page it took me to a porn site.... after that i managed to download MSE but it simple doesn´t start. So it´s clear for me that it is infected :(. Here is the OTL log:

Thanks in advance for your help
***************************
OTL logfile created on: 31/10/2012 20:49:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Patty\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: México | Language: ESM | Date Format: dd/MM/yyyy

2,91 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 45,10% Memory free
5,82 Gb Paging File | 3,39 Gb Available in Paging File | 58,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220,69 Gb Total Space | 172,30 Gb Free Space | 78,08% Space Free | Partition Type: NTFS
Drive E: | 62,64 Gb Total Space | 49,99 Gb Free Space | 79,81% Space Free | Partition Type: FAT32

Computer Name: PATTY-PC | User Name: Patty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Patty\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll ()
MOD - C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_es_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll ()


========== Services (SafeList) ==========

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NisSrv) -- c:\Archivos de programa\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Archivos de programa\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (STacSV) -- C:\Archivos de programa\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV - (EvtEng) -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (MyWiFiDHCPDNS) -- C:\Archivos de programa\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV - (RegSrvc) -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (wlcrasvc) -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (osppsvc) -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Archivos de programa\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (epmntdrv) -- C:\Windows\SysNative\epmntdrv.sys ()
DRV:64bit: - (EuGdiDrv) -- C:\Windows\SysNative\EuGdiDrv.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys (Research in Motion Ltd)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (pavboot) -- C:\Windows\SysNative\drivers\pavboot64.sys (Panda Security, S.L.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\SysWOW64\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\SysWOW64\EuGdiDrv.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/22
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Patty\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Patty\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Patty\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/26 22:32:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:32:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/08 12:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/26 22:32:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/26 18:32:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/02 18:11:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Extensions
[2012/10/26 15:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patty\AppData\Roaming\mozilla\Firefox\Profiles\1txoolt0.default\extensions
[2012/10/26 18:32:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/10/26 18:32:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/10/26 18:32:34 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/24 20:00:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/20 09:09:37 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Patty\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Patty\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120830160508.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120830160508.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Archivos de programa\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Archivos de programa\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Archivos de programa\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MHWDFSXR] C:\Users\Patty\AppData\Roaming\nlsbresd.dll ()
O4 - Startup: C:\Users\Patty\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{866D97DA-7F33-457A-B6DD-94B6144EFDCE}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06FA93F-3A43-49DE-B5B6-A6FF21BA541C}: DhcpNameServer = 172.5.1.161
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2f921d5f-b4a4-11e0-b964-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2f921d5f-b4a4-11e0-b964-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 20:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/10/31 20:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/10/31 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Roaming\Malwarebytes
[2012/10/31 15:35:36 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{148187C9-03B6-4F01-957E-416C083CB11F}
[2012/10/31 15:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/31 15:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/31 15:30:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/31 15:30:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/10/31 15:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/31 15:10:10 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{189DE18B-7AD3-4FA3-8F69-72CFAAA939AC}
[2012/10/27 08:13:27 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{21741ABB-5D0E-4DE4-80D4-F3901F0A18AC}
[2012/10/26 18:32:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/26 17:20:02 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{2FC73D52-6B27-4D8A-A204-793D2C689111}
[2012/10/26 15:13:21 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{80B2E84F-1921-485B-853A-7F4BC9ED0581}
[2012/10/23 11:49:12 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{7B6F927D-4CD5-4AE7-B929-776ABF31370A}
[2012/10/22 16:07:53 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{93FA5C45-045C-48A5-A1B6-843F64EFB65A}
[2012/10/18 13:19:26 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{DCCC2940-6680-48B4-A026-F07B702C8389}
[2012/10/13 08:12:07 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{9744576C-571A-437A-9FA6-E3310DA5DDF5}
[2012/10/10 09:41:51 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{C9F67D13-5772-47BD-A4DF-D62E6266D5AF}
[2012/10/08 08:20:34 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{08D6F5E1-E275-4965-9D5B-D1CDF20872DE}
[2012/10/05 22:51:48 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{8BF9F4BF-A29E-4017-9BFD-7C53FB3AA8AA}
[2012/10/05 10:18:45 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{4E91E815-F85D-4B69-9C4F-C7E086005BB0}
[2012/10/04 12:46:52 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{F48DD61F-C805-472D-8557-7C5E7A0BC85D}
[2012/10/03 09:14:13 | 000,000,000 | ---D | C] -- C:\Users\Patty\AppData\Local\{AB4FAD8B-98A7-4B40-8130-DCFDEE2391FC}

========== Files - Modified Within 30 Days ==========

[2012/10/31 20:52:05 | 000,001,046 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001UA.job
[2012/10/31 20:39:26 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 20:39:26 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 20:37:12 | 001,702,308 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/31 20:37:12 | 000,760,998 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2012/10/31 20:37:12 | 000,657,274 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/31 20:37:12 | 000,163,374 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2012/10/31 20:37:12 | 000,125,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/31 20:31:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/31 20:31:38 | 2342,916,096 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 20:29:07 | 000,001,912 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/10/31 20:23:59 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/31 19:10:00 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1003UA.job
[2012/10/31 19:03:01 | 000,001,066 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001UA.job
[2012/10/31 16:52:06 | 000,000,994 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001Core.job
[2012/10/31 16:10:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1003Core.job
[2012/10/31 16:03:00 | 000,001,044 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001Core.job
[2012/10/31 15:30:53 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/23 22:00:31 | 000,135,755 | ---- | M] () -- C:\wubildr
[2012/10/13 10:00:39 | 000,086,016 | RHS- | M] () -- C:\Users\Patty\AppData\Roaming\nlsbresd.dll
[2012/10/10 09:53:40 | 000,002,487 | ---- | M] () -- C:\Users\Patty\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/10/31 20:29:07 | 000,001,912 | ---- | C] () -- C:\windows\epplauncher.mif
[2012/10/31 20:29:00 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/10/31 15:30:53 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/23 22:00:32 | 000,135,755 | ---- | C] () -- C:\wubildr
[2012/10/13 10:00:39 | 000,086,016 | RHS- | C] () -- C:\Users\Patty\AppData\Roaming\nlsbresd.dll
[2012/09/19 14:35:27 | 000,019,840 | ---- | C] () -- C:\windows\SysWow64\EuEpmGdi.dll
[2012/09/19 14:35:26 | 002,468,520 | ---- | C] () -- C:\windows\SysWow64\BootMan.exe
[2012/09/19 14:35:24 | 000,086,408 | ---- | C] () -- C:\windows\SysWow64\setupempdrv03.exe
[2012/09/19 14:35:24 | 000,008,456 | ---- | C] () -- C:\windows\SysWow64\EuGdiDrv.sys
[2012/09/19 14:35:23 | 000,014,216 | ---- | C] () -- C:\windows\SysWow64\epmntdrv.sys
[2012/02/26 22:25:19 | 000,230,495 | ---- | C] () -- C:\windows\hpoins46.dat
[2012/02/23 15:44:23 | 000,006,656 | ---- | C] () -- C:\Users\Patty\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/05 21:29:16 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\OpenVideo.dll
[2011/07/22 17:15:50 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/07/22 17:15:49 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/07/22 17:15:49 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/07/22 17:15:48 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/07/22 17:15:48 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/07/22 17:15:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/07/22 17:14:59 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/07/22 17:14:59 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/07/22 17:14:59 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/22 17:14:59 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/07/22 17:14:59 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/07/22 17:14:59 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/07/22 17:14:59 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/07/22 15:23:49 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/07/22 15:11:00 | 001,680,282 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/07/22 15:05:17 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/04 16:54:20 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Blackberry Desktop
[2012/03/21 11:00:07 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Fingertapps
[2012/07/02 21:15:13 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\IDT
[2011/07/30 15:38:24 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\OpenOffice.org
[2011/08/04 10:03:16 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\PCDr
[2012/02/12 20:56:19 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Research In Motion
[2012/08/30 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\SoftGrid Client
[2011/09/02 18:11:05 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\Thunderbird
[2011/07/30 18:00:28 | 000,000,000 | ---D | M] -- C:\Users\Patty\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Gringo,
First of all thank you so much for your help.

Security check log:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (16.0.2)
Mozilla Thunderbird (6.0.1) Thunderbird out of Date!
Google Chrome 20.0.1132.47
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
  • 0

#4
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
adwcleaner log:
# AdwCleaner v2.006 - Fichero creado el 01/11/2012 a 07:39:36
# Actualizado el 30/10/2012 por Xplode
# Sistema operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuario : Patty - PATTY-PC
# Modo de inicio : Normal
# Ejecutado desde : C:\Users\Patty\Downloads\adwcleaner.exe
# Opción [Supresión]


***** [Servicios] *****


***** [Ficheros / Carpetas] *****

Carpeta Suprimido : C:\Program Files (x86)\Ask.com
Carpeta Suprimido : C:\ProgramData\Ask
Carpeta Suprimido : C:\Users\Hector\AppData\LocalLow\AskToolbar
Carpeta Suprimido : C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\bk9s1kn1.default\extensions\[email protected]
Carpeta Suprimido : C:\Users\Patty\AppData\LocalLow\AskToolbar
Carpeta Suprimido : C:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Fichero Suprimido : C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\bk9s1kn1.default\searchplugins\Askcom.xml

***** [Registro] *****

Clave Supprimida : HKCU\Software\APN
Clave Supprimida : HKCU\Software\AppDataLow\Software
Clave Supprimida : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Clave Supprimida : HKCU\Software\Softonic
Clave Supprimida : HKLM\Software\APN
Clave Supprimida : HKLM\Software\AskToolbar
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Clave Supprimida : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Clave Supprimida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Clave Supprimida : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Clave Supprimida : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Clave Supprimida : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Clave Supprimida : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Clave Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Clave Supprimida : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Clave Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Valor Supprimida : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Valor Supprimida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Navegadores] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] El registro no contiene ninguna entrada ilegítima.

-\\ Mozilla Firefox v16.0.2 (en-US)

Nombre del perfil : default
Fichero : C:\Users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\1txoolt0.default\prefs.js

Supprimida : user_pref("browser.search.defaultengine", "Ask.com");
Supprimida : user_pref("browser.search.defaultenginename", "Ask.com");
Supprimida : user_pref("browser.search.order.1", "Ask.com");
Supprimida : user_pref("browser.search.selectedEngine", "Ask.com");
Supprimida : user_pref("extensions.asktb.ff-original-keyword-url", "");

Nombre del perfil : default
Fichero : C:\Users\Hector\AppData\Roaming\Mozilla\Firefox\Profiles\bk9s1kn1.default\prefs.js

Supprimida : user_pref("browser.search.defaultengine", "Ask.com");
Supprimida : user_pref("browser.search.defaultenginename", "Ask.com");
Supprimida : user_pref("browser.search.order.1", "Ask.com");
Supprimida : user_pref("browser.search.selectedEngine", "Ask.com");
Supprimida : user_pref("extensions.asktb.ff-original-keyword-url", "");

-\\ Google Chrome v22.0.1229.94

Fichero : C:\Users\Patty\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] El fichero no contiene ninguna entrada ilegítima.

*************************

AdwCleaner[S1].txt - [4935 octets] - [01/11/2012 07:39:36]

########## EOF - C:\AdwCleaner[S1].txt - [4995 octets] ##########
  • 0

#5
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
RogueKiller:
RogueKiller V8.2.1 [10/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Patty [Admin rights]
Mode : Remove -- Date : 11/01/2012 08:03:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : MHWDFSXR (rundll32 "C:\Users\Patty\AppData\Roaming\nlsbresd.dll",Rpfikn) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-75ZEST0 +++++
--- User ---
[MBR] 2f1157d8f890a62424bac69cb3161f96
[BSP] f6576b2712478cda73e4b47768909947 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 225983 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 493741710 | Size: 64158 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi the computer seems to be doing much better now. MSE is able to run now on the system (I had to disable it for Combofix). However Combofix stalled. It did finish, deleted 3 files but it freezed on the perparing log report step. It's been there for 20 minutes not doinf anything. Do you want me to run it again?
  • 0

#8
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
after waiting another 10 minutes the log finally popped up:

ComboFix 12-10-31.03 - Patty 01/11/2012 10:46:31.1.4 - x64
Running from: c:\users\Patty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Patty\AppData\Roaming\nlsbresd.dll
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 16:57 . 2012-11-01 16:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-01 16:57 . 2012-11-01 16:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 02:42 . 2012-11-01 02:42 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43F7A5FB-0ECA-4998-9439-923EE0731DA3}\gapaengine.dll
2012-11-01 02:42 . 2012-10-12 06:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBFB3E1A-FA3D-45DF-8025-4312A15C05CF}\mpengine.dll
2012-11-01 02:28 . 2012-11-01 02:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-01 02:28 . 2012-11-01 02:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-01 02:22 . 2012-11-01 02:22 -------- d-----w- c:\users\Patty\AppData\Roaming\Malwarebytes
2012-10-31 21:30 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\program files\iPod
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\program files\iTunes
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\program files (x86)\iTunes
2012-10-10 15:50 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 15:50 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 15:50 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 15:50 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 15:50 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 15:50 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 15:48 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 15:48 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 15:48 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 15:48 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 15:48 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 15:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 15:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 15:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 18:27 . 2012-01-04 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-30 01:54 . 2012-08-31 13:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 14:11 . 2012-08-31 14:11 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 14:11 . 2011-07-30 20:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 04:03 . 2012-08-31 04:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 21:04 . 2012-08-30 21:04 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-08-24 11:15 . 2012-09-24 03:08 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 03:08 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 03:09 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 03:09 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 03:09 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 03:09 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 03:09 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 03:09 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 03:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 03:09 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 03:09 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 03:09 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 03:09 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 03:09 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 03:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 03:09 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 03:09 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 03:09 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 03:09 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 03:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 03:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 03:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 15:27 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 15:27 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 15:27 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 15:27 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-30 20:31 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 19:01 . 2011-07-30 21:30 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 19:01 . 2011-07-30 21:30 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 15:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-01 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-02 1255736]
R3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]
S3 IntcDAud;Sonido Intel® para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Controlador del adaptador Intel® Wireless WiFi Link para Windows 7 de 64 bits;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001Core.job
- c:\users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-03 20:58]
.
2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001UA.job
- c:\users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-03 20:58]
.
2012-10-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1003Core.job
- c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 21:05]
.
2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1003UA.job
- c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 21:05]
.
2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001Core.job
- c:\users\Patty\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 20:58]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001UA.job
- c:\users\Patty\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\1txoolt0.default\
FF - ExtSQL: !HIDDEN! 2012-02-26 22:32; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-01 11:16:49
ComboFix-quarantined-files.txt 2012-11-01 17:16
ComboFix2.txt 2012-08-29 21:18
.
Pre-Run: 185,704,644,608 bytes libres
Post-Run: 185,702,240,256 bytes libres
.
- - End Of File - - 7556723CB257BC1F4E7CF32F631A7364
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
  • 0

#10
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
TDSSKiller:
13:14:41.0078 8136 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:14:41.0671 8136 ============================================================
13:14:41.0671 8136 Current date / time: 2012/11/01 13:14:41.0671
13:14:41.0671 8136 SystemInfo:
13:14:41.0671 8136
13:14:41.0671 8136 OS Version: 6.1.7601 ServicePack: 1.0
13:14:41.0671 8136 Product type: Workstation
13:14:41.0671 8136 ComputerName: PATTY-PC
13:14:41.0671 8136 UserName: Patty
13:14:41.0671 8136 Windows directory: C:\windows
13:14:41.0671 8136 System windows directory: C:\windows
13:14:41.0671 8136 Running under WOW64
13:14:41.0671 8136 Processor architecture: Intel x64
13:14:41.0671 8136 Number of processors: 4
13:14:41.0671 8136 Page size: 0x1000
13:14:41.0671 8136 Boot type: Normal boot
13:14:41.0671 8136 ============================================================
13:14:42.0576 8136 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:14:42.0654 8136 ============================================================
13:14:42.0654 8136 \Device\Harddisk0\DR0:
13:14:42.0654 8136 MBR partitions:
13:14:42.0654 8136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
13:14:42.0654 8136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x1B95FE8E
13:14:42.0654 8136 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D6DE68E, BlocksNum 0x7D4F033
13:14:42.0654 8136 ============================================================
13:14:42.0716 8136 C: <-> \Device\Harddisk0\DR0\Partition2
13:14:42.0763 8136 E: <-> \Device\Harddisk0\DR0\Partition3
13:14:42.0763 8136 ============================================================
13:14:42.0763 8136 Initialize success
13:14:42.0763 8136 ============================================================
13:14:56.0663 3228 ============================================================
13:14:56.0663 3228 Scan started
13:14:56.0663 3228 Mode: Manual;
13:14:56.0663 3228 ============================================================
13:14:56.0959 3228 ================ Scan system memory ========================
13:14:56.0959 3228 System memory - ok
13:14:56.0959 3228 ================ Scan services =============================
13:14:57.0287 3228 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
13:14:57.0287 3228 1394ohci - ok
13:14:57.0333 3228 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
13:14:57.0349 3228 ACPI - ok
13:14:57.0380 3228 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
13:14:57.0380 3228 AcpiPmi - ok
13:14:57.0474 3228 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:14:57.0474 3228 AdobeARMservice - ok
13:14:57.0536 3228 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
13:14:57.0552 3228 adp94xx - ok
13:14:57.0630 3228 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
13:14:57.0645 3228 adpahci - ok
13:14:57.0661 3228 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
13:14:57.0661 3228 adpu320 - ok
13:14:57.0692 3228 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
13:14:57.0692 3228 AeLookupSvc - ok
13:14:57.0770 3228 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
13:14:57.0786 3228 AESTFilters - ok
13:14:57.0833 3228 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
13:14:57.0848 3228 AFD - ok
13:14:57.0879 3228 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
13:14:57.0879 3228 agp440 - ok
13:14:57.0895 3228 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
13:14:57.0895 3228 ALG - ok
13:14:57.0926 3228 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
13:14:57.0926 3228 aliide - ok
13:14:57.0942 3228 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
13:14:57.0957 3228 amdide - ok
13:14:57.0989 3228 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
13:14:57.0989 3228 AmdK8 - ok
13:14:58.0020 3228 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
13:14:58.0020 3228 AmdPPM - ok
13:14:58.0051 3228 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
13:14:58.0051 3228 amdsata - ok
13:14:58.0098 3228 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
13:14:58.0098 3228 amdsbs - ok
13:14:58.0113 3228 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
13:14:58.0129 3228 amdxata - ok
13:14:58.0191 3228 [ 24ED0EB2B2558970176ECEE680F8F806 ] ApfiltrService C:\windows\system32\DRIVERS\Apfiltr.sys
13:14:58.0191 3228 ApfiltrService - ok
13:14:58.0238 3228 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
13:14:58.0238 3228 AppID - ok
13:14:58.0269 3228 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
13:14:58.0269 3228 AppIDSvc - ok
13:14:58.0316 3228 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
13:14:58.0316 3228 Appinfo - ok
13:14:58.0379 3228 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:14:58.0379 3228 Apple Mobile Device - ok
13:14:58.0457 3228 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
13:14:58.0472 3228 arc - ok
13:14:58.0503 3228 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
13:14:58.0503 3228 arcsas - ok
13:14:58.0628 3228 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:14:58.0659 3228 aspnet_state - ok
13:14:58.0691 3228 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:14:58.0691 3228 AsyncMac - ok
13:14:58.0722 3228 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
13:14:58.0722 3228 atapi - ok
13:14:58.0784 3228 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:14:58.0800 3228 AudioEndpointBuilder - ok
13:14:58.0815 3228 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
13:14:58.0815 3228 AudioSrv - ok
13:14:58.0862 3228 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
13:14:58.0862 3228 AxInstSV - ok
13:14:58.0925 3228 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
13:14:58.0940 3228 b06bdrv - ok
13:14:58.0971 3228 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
13:14:58.0971 3228 b57nd60a - ok
13:14:59.0096 3228 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
13:14:59.0112 3228 BBSvc - ok
13:14:59.0127 3228 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
13:14:59.0127 3228 BBUpdate - ok
13:14:59.0174 3228 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
13:14:59.0190 3228 BDESVC - ok
13:14:59.0221 3228 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
13:14:59.0221 3228 Beep - ok
13:14:59.0268 3228 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
13:14:59.0283 3228 BFE - ok
13:14:59.0330 3228 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
13:14:59.0377 3228 BITS - ok
13:14:59.0424 3228 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:14:59.0424 3228 blbdrive - ok
13:14:59.0564 3228 [ 6D625A18DDFCD0464B914B71293AD837 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
13:14:59.0595 3228 Bluetooth Device Monitor - ok
13:14:59.0673 3228 [ 74B2BF80D966CFE8BC8005D19E40608D ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
13:14:59.0705 3228 Bluetooth Media Service - ok
13:14:59.0767 3228 [ 707BF27D30ADAB7798C69D5BF41C7131 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
13:14:59.0814 3228 Bluetooth OBEX Service - ok
13:14:59.0892 3228 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:14:59.0892 3228 Bonjour Service - ok
13:14:59.0923 3228 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:14:59.0923 3228 bowser - ok
13:14:59.0939 3228 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
13:14:59.0954 3228 BrFiltLo - ok
13:14:59.0970 3228 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
13:14:59.0970 3228 BrFiltUp - ok
13:15:00.0017 3228 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
13:15:00.0032 3228 BridgeMP - ok
13:15:00.0079 3228 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
13:15:00.0079 3228 Browser - ok
13:15:00.0110 3228 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:15:00.0126 3228 Brserid - ok
13:15:00.0157 3228 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:15:00.0157 3228 BrSerWdm - ok
13:15:00.0188 3228 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:15:00.0188 3228 BrUsbMdm - ok
13:15:00.0188 3228 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:15:00.0204 3228 BrUsbSer - ok
13:15:00.0251 3228 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
13:15:00.0251 3228 BthEnum - ok
13:15:00.0282 3228 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
13:15:00.0282 3228 BTHMODEM - ok
13:15:00.0313 3228 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
13:15:00.0329 3228 BthPan - ok
13:15:00.0375 3228 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
13:15:00.0407 3228 BTHPORT - ok
13:15:00.0438 3228 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
13:15:00.0438 3228 bthserv - ok
13:15:00.0453 3228 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
13:15:00.0453 3228 BTHUSB - ok
13:15:00.0485 3228 [ 3676BEAA7D842047D30E95D59B241F22 ] btmaux C:\windows\system32\DRIVERS\btmaux.sys
13:15:00.0500 3228 btmaux - ok
13:15:00.0563 3228 [ FA0E7B5AFB8FD335234916764A2D6CF9 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys
13:15:00.0578 3228 btmhsf - ok
13:15:00.0609 3228 catchme - ok
13:15:00.0641 3228 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:15:00.0656 3228 cdfs - ok
13:15:00.0703 3228 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:15:00.0703 3228 cdrom - ok
13:15:00.0750 3228 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
13:15:00.0750 3228 CertPropSvc - ok
13:15:00.0765 3228 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
13:15:00.0765 3228 circlass - ok
13:15:00.0797 3228 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
13:15:00.0797 3228 CLFS - ok
13:15:00.0859 3228 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:15:00.0859 3228 clr_optimization_v2.0.50727_32 - ok
13:15:00.0906 3228 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:15:00.0921 3228 clr_optimization_v2.0.50727_64 - ok
13:15:01.0015 3228 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:15:01.0046 3228 clr_optimization_v4.0.30319_32 - ok
13:15:01.0077 3228 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:15:01.0093 3228 clr_optimization_v4.0.30319_64 - ok
13:15:01.0124 3228 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:15:01.0124 3228 CmBatt - ok
13:15:01.0140 3228 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
13:15:01.0155 3228 cmdide - ok
13:15:01.0187 3228 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
13:15:01.0187 3228 CNG - ok
13:15:01.0202 3228 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
13:15:01.0218 3228 Compbatt - ok
13:15:01.0233 3228 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
13:15:01.0233 3228 CompositeBus - ok
13:15:01.0249 3228 COMSysApp - ok
13:15:01.0265 3228 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
13:15:01.0265 3228 crcdisk - ok
13:15:01.0327 3228 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
13:15:01.0327 3228 CryptSvc - ok
13:15:01.0389 3228 [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt C:\windows\system32\DRIVERS\CtClsFlt.sys
13:15:01.0389 3228 CtClsFlt - ok
13:15:01.0531 3228 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:15:01.0562 3228 cvhsvc - ok
13:15:01.0671 3228 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
13:15:01.0702 3228 DcomLaunch - ok
13:15:01.0780 3228 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
13:15:01.0780 3228 defragsvc - ok
13:15:01.0843 3228 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:15:01.0858 3228 DfsC - ok
13:15:01.0890 3228 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
13:15:01.0905 3228 Dhcp - ok
13:15:01.0936 3228 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
13:15:01.0936 3228 discache - ok
13:15:01.0983 3228 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
13:15:01.0983 3228 Disk - ok
13:15:02.0014 3228 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:15:02.0014 3228 Dnscache - ok
13:15:02.0046 3228 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
13:15:02.0046 3228 dot3svc - ok
13:15:02.0077 3228 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
13:15:02.0077 3228 DPS - ok
13:15:02.0092 3228 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:15:02.0092 3228 drmkaud - ok
13:15:02.0139 3228 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:15:02.0170 3228 DXGKrnl - ok
13:15:02.0217 3228 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
13:15:02.0217 3228 EapHost - ok
13:15:02.0326 3228 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
13:15:02.0451 3228 ebdrv - ok
13:15:02.0467 3228 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
13:15:02.0467 3228 EFS - ok
13:15:02.0546 3228 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
13:15:02.0671 3228 ehRecvr - ok
13:15:02.0702 3228 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
13:15:02.0749 3228 ehSched - ok
13:15:02.0811 3228 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
13:15:02.0827 3228 elxstor - ok
13:15:02.0858 3228 [ 9EAFB3B3B60B8AD958985152A9309ACA ] epmntdrv C:\windows\system32\epmntdrv.sys
13:15:02.0889 3228 epmntdrv - ok
13:15:02.0905 3228 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
13:15:02.0905 3228 ErrDev - ok
13:15:02.0951 3228 [ FB949ED2C93C878A189039F3D7730942 ] EuGdiDrv C:\windows\system32\EuGdiDrv.sys
13:15:02.0983 3228 EuGdiDrv - ok
13:15:03.0029 3228 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
13:15:03.0045 3228 EventSystem - ok
13:15:03.0201 3228 [ 8B6C9924B0D333DBF76086B8258A0891 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:15:03.0248 3228 EvtEng - ok
13:15:03.0279 3228 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
13:15:03.0279 3228 exfat - ok
13:15:03.0310 3228 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
13:15:03.0310 3228 fastfat - ok
13:15:03.0388 3228 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
13:15:03.0404 3228 Fax - ok
13:15:03.0419 3228 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
13:15:03.0435 3228 fdc - ok
13:15:03.0451 3228 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
13:15:03.0451 3228 fdPHost - ok
13:15:03.0466 3228 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
13:15:03.0466 3228 FDResPub - ok
13:15:03.0497 3228 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:15:03.0497 3228 FileInfo - ok
13:15:03.0513 3228 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:15:03.0513 3228 Filetrace - ok
13:15:03.0529 3228 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
13:15:03.0529 3228 flpydisk - ok
13:15:03.0544 3228 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:15:03.0560 3228 FltMgr - ok
13:15:03.0607 3228 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
13:15:03.0653 3228 FontCache - ok
13:15:03.0700 3228 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:15:03.0716 3228 FontCache3.0.0.0 - ok
13:15:03.0731 3228 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:15:03.0731 3228 FsDepends - ok
13:15:03.0778 3228 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
13:15:03.0778 3228 fssfltr - ok
13:15:03.0887 3228 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
13:15:03.0934 3228 fsssvc - ok
13:15:03.0965 3228 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:15:03.0965 3228 Fs_Rec - ok
13:15:04.0012 3228 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:15:04.0012 3228 fvevol - ok
13:15:04.0043 3228 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
13:15:04.0043 3228 gagp30kx - ok
13:15:04.0090 3228 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
13:15:04.0106 3228 GEARAspiWDM - ok
13:15:04.0153 3228 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
13:15:04.0184 3228 gpsvc - ok
13:15:04.0215 3228 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:15:04.0215 3228 hcw85cir - ok
13:15:04.0262 3228 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:15:04.0277 3228 HdAudAddService - ok
13:15:04.0277 3228 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
13:15:04.0277 3228 HDAudBus - ok
13:15:04.0309 3228 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
13:15:04.0309 3228 HidBatt - ok
13:15:04.0324 3228 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
13:15:04.0324 3228 HidBth - ok
13:15:04.0340 3228 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
13:15:04.0340 3228 HidIr - ok
13:15:04.0355 3228 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
13:15:04.0371 3228 hidserv - ok
13:15:04.0402 3228 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
13:15:04.0402 3228 HidUsb - ok
13:15:04.0433 3228 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
13:15:04.0433 3228 hkmsvc - ok
13:15:04.0480 3228 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:15:04.0480 3228 HomeGroupListener - ok
13:15:04.0543 3228 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:15:04.0543 3228 HomeGroupProvider - ok
13:15:04.0652 3228 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:15:04.0667 3228 hpqcxs08 - ok
13:15:04.0683 3228 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:15:04.0699 3228 hpqddsvc - ok
13:15:04.0730 3228 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
13:15:04.0730 3228 HpSAMD - ok
13:15:04.0777 3228 [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:15:04.0823 3228 HPSLPSVC - ok
13:15:04.0870 3228 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
13:15:04.0901 3228 HTTP - ok
13:15:04.0917 3228 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:15:04.0917 3228 hwpolicy - ok
13:15:04.0933 3228 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
13:15:04.0933 3228 i8042prt - ok
13:15:04.0995 3228 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
13:15:04.0995 3228 iaStor - ok
13:15:05.0073 3228 [ 8FFF9083252C16FE3960173722605E9E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:15:05.0073 3228 IAStorDataMgrSvc - ok
13:15:05.0104 3228 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
13:15:05.0120 3228 iaStorV - ok
13:15:05.0151 3228 [ 653A38B868A5F20BB506AB57AC41B936 ] iBtFltCoex C:\windows\system32\DRIVERS\iBtFltCoex.sys
13:15:05.0151 3228 iBtFltCoex - ok
13:15:05.0213 3228 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:15:05.0260 3228 idsvc - ok
13:15:05.0541 3228 [ 174BCAC474DE13B2650E444CF124828E ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
13:15:05.0775 3228 igfx - ok
13:15:05.0806 3228 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
13:15:05.0806 3228 iirsp - ok
13:15:05.0853 3228 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
13:15:05.0884 3228 IKEEXT - ok
13:15:05.0947 3228 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys
13:15:05.0947 3228 intaud_WaveExtensible - ok
13:15:06.0009 3228 [ AE594CC17C33AC146739494615E14851 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
13:15:06.0025 3228 IntcDAud - ok
13:15:06.0071 3228 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
13:15:06.0071 3228 intelide - ok
13:15:06.0103 3228 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:15:06.0103 3228 intelppm - ok
13:15:06.0134 3228 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:15:06.0134 3228 IPBusEnum - ok
13:15:06.0165 3228 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:15:06.0165 3228 IpFilterDriver - ok
13:15:06.0181 3228 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:15:06.0196 3228 iphlpsvc - ok
13:15:06.0196 3228 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
13:15:06.0212 3228 IPMIDRV - ok
13:15:06.0227 3228 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:15:06.0227 3228 IPNAT - ok
13:15:06.0290 3228 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:15:06.0321 3228 iPod Service - ok
13:15:06.0368 3228 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
13:15:06.0368 3228 IRENUM - ok
13:15:06.0383 3228 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
13:15:06.0383 3228 isapnp - ok
13:15:06.0415 3228 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
13:15:06.0430 3228 iScsiPrt - ok
13:15:06.0446 3228 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys
13:15:06.0461 3228 iwdbus - ok
13:15:06.0477 3228 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
13:15:06.0477 3228 kbdclass - ok
13:15:06.0508 3228 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
13:15:06.0508 3228 kbdhid - ok
13:15:06.0524 3228 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
13:15:06.0524 3228 KeyIso - ok
13:15:06.0555 3228 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:15:06.0555 3228 KSecDD - ok
13:15:06.0571 3228 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:15:06.0586 3228 KSecPkg - ok
13:15:06.0586 3228 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
13:15:06.0586 3228 ksthunk - ok
13:15:06.0633 3228 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
13:15:06.0633 3228 KtmRm - ok
13:15:06.0680 3228 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
13:15:06.0695 3228 LanmanServer - ok
13:15:06.0727 3228 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:15:06.0727 3228 LanmanWorkstation - ok
13:15:06.0789 3228 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:15:06.0789 3228 lltdio - ok
13:15:06.0836 3228 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
13:15:06.0836 3228 lltdsvc - ok
13:15:06.0851 3228 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
13:15:06.0867 3228 lmhosts - ok
13:15:06.0929 3228 [ 0803906D607A9B83184447B75B60ECC2 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:15:06.0929 3228 LMS - ok
13:15:06.0961 3228 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
13:15:06.0961 3228 LSI_FC - ok
13:15:07.0023 3228 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
13:15:07.0023 3228 LSI_SAS - ok
13:15:07.0039 3228 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
13:15:07.0039 3228 LSI_SAS2 - ok
13:15:07.0054 3228 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
13:15:07.0054 3228 LSI_SCSI - ok
13:15:07.0085 3228 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
13:15:07.0085 3228 luafv - ok
13:15:07.0117 3228 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
13:15:07.0117 3228 Mcx2Svc - ok
13:15:07.0132 3228 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
13:15:07.0132 3228 megasas - ok
13:15:07.0163 3228 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
13:15:07.0179 3228 MegaSR - ok
13:15:07.0210 3228 [ 1C6E73FC46B509EFF9D0086AA37132DF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
13:15:07.0210 3228 MEIx64 - ok
13:15:07.0241 3228 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
13:15:07.0241 3228 MMCSS - ok
13:15:07.0257 3228 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
13:15:07.0257 3228 Modem - ok
13:15:07.0257 3228 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:15:07.0273 3228 monitor - ok
13:15:07.0288 3228 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:15:07.0288 3228 mouclass - ok
13:15:07.0319 3228 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:15:07.0319 3228 mouhid - ok
13:15:07.0335 3228 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:15:07.0335 3228 mountmgr - ok
13:15:07.0413 3228 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:15:07.0413 3228 MozillaMaintenance - ok
13:15:07.0507 3228 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
13:15:07.0507 3228 MpFilter - ok
13:15:07.0522 3228 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
13:15:07.0538 3228 mpio - ok
13:15:07.0553 3228 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:15:07.0553 3228 mpsdrv - ok
13:15:07.0600 3228 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
13:15:07.0647 3228 MpsSvc - ok
13:15:07.0663 3228 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
13:15:07.0678 3228 MRxDAV - ok
13:15:07.0709 3228 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:15:07.0709 3228 mrxsmb - ok
13:15:07.0756 3228 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
13:15:07.0756 3228 mrxsmb10 - ok
13:15:07.0787 3228 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
13:15:07.0787 3228 mrxsmb20 - ok
13:15:07.0803 3228 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
13:15:07.0803 3228 msahci - ok
13:15:07.0819 3228 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
13:15:07.0819 3228 msdsm - ok
13:15:07.0834 3228 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
13:15:07.0834 3228 MSDTC - ok
13:15:07.0865 3228 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
13:15:07.0865 3228 Msfs - ok
13:15:07.0881 3228 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
13:15:07.0881 3228 mshidkmdf - ok
13:15:07.0912 3228 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
13:15:07.0912 3228 msisadrv - ok
13:15:07.0959 3228 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
13:15:07.0959 3228 MSiSCSI - ok
13:15:07.0975 3228 msiserver - ok
13:15:07.0990 3228 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:15:08.0006 3228 MSKSSRV - ok
13:15:08.0053 3228 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:15:08.0053 3228 MsMpSvc - ok
13:15:08.0084 3228 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:15:08.0084 3228 MSPCLOCK - ok
13:15:08.0099 3228 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:15:08.0099 3228 MSPQM - ok
13:15:08.0146 3228 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
13:15:08.0162 3228 MsRPC - ok
13:15:08.0177 3228 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
13:15:08.0177 3228 mssmbios - ok
13:15:08.0193 3228 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:15:08.0193 3228 MSTEE - ok
13:15:08.0209 3228 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
13:15:08.0209 3228 MTConfig - ok
13:15:08.0224 3228 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
13:15:08.0224 3228 Mup - ok
13:15:08.0287 3228 [ 6ED8935257672F4CD04A88A0F3DE093D ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:15:08.0302 3228 MyWiFiDHCPDNS - ok
13:15:08.0333 3228 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
13:15:08.0365 3228 napagent - ok
13:15:08.0396 3228 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
13:15:08.0396 3228 NativeWifiP - ok
13:15:08.0474 3228 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
13:15:08.0505 3228 NDIS - ok
13:15:08.0521 3228 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
13:15:08.0521 3228 NdisCap - ok
13:15:08.0552 3228 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:15:08.0552 3228 NdisTapi - ok
13:15:08.0567 3228 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:15:08.0583 3228 Ndisuio - ok
13:15:08.0599 3228 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:15:08.0599 3228 NdisWan - ok
13:15:08.0614 3228 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:15:08.0614 3228 NDProxy - ok
13:15:08.0661 3228 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:15:08.0708 3228 Net Driver HPZ12 - ok
13:15:08.0739 3228 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:15:08.0739 3228 NetBIOS - ok
13:15:08.0755 3228 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:15:08.0770 3228 NetBT - ok
13:15:08.0786 3228 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
13:15:08.0786 3228 Netlogon - ok
13:15:08.0833 3228 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
13:15:08.0848 3228 Netman - ok
13:15:08.0895 3228 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:08.0895 3228 NetMsmqActivator - ok
13:15:08.0911 3228 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:08.0911 3228 NetPipeActivator - ok
13:15:08.0942 3228 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
13:15:08.0957 3228 netprofm - ok
13:15:08.0973 3228 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:08.0973 3228 NetTcpActivator - ok
13:15:08.0973 3228 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:15:08.0989 3228 NetTcpPortSharing - ok
13:15:09.0176 3228 [ 5D262402B0634C998F8CBCEAD7DD8676 ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
13:15:09.0347 3228 NETwNs64 - ok
13:15:09.0379 3228 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
13:15:09.0379 3228 nfrd960 - ok
13:15:09.0425 3228 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
13:15:09.0425 3228 NisDrv - ok
13:15:09.0472 3228 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
13:15:09.0488 3228 NisSrv - ok
13:15:09.0519 3228 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
13:15:09.0535 3228 NlaSvc - ok
13:15:09.0535 3228 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
13:15:09.0550 3228 Npfs - ok
13:15:09.0566 3228 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
13:15:09.0566 3228 nsi - ok
13:15:09.0581 3228 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
13:15:09.0581 3228 nsiproxy - ok
13:15:09.0659 3228 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:15:09.0722 3228 Ntfs - ok
13:15:09.0737 3228 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
13:15:09.0737 3228 Null - ok
13:15:09.0769 3228 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\windows\system32\DRIVERS\nusb3hub.sys
13:15:09.0784 3228 nusb3hub - ok
13:15:09.0800 3228 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\windows\system32\DRIVERS\nusb3xhc.sys
13:15:09.0815 3228 nusb3xhc - ok
13:15:09.0862 3228 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
13:15:09.0862 3228 nvraid - ok
13:15:09.0878 3228 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
13:15:09.0893 3228 nvstor - ok
13:15:09.0909 3228 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
13:15:09.0925 3228 nv_agp - ok
13:15:09.0940 3228 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
13:15:09.0940 3228 ohci1394 - ok
13:15:10.0003 3228 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:15:10.0003 3228 ose - ok
13:15:10.0174 3228 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:15:10.0299 3228 osppsvc - ok
13:15:10.0330 3228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
13:15:10.0330 3228 p2pimsvc - ok
13:15:10.0361 3228 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
13:15:10.0377 3228 p2psvc - ok
13:15:10.0408 3228 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
13:15:10.0408 3228 Parport - ok
13:15:10.0439 3228 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
13:15:10.0439 3228 partmgr - ok
13:15:10.0502 3228 [ 8A0F8A9580D9F2FC512A35D5709088A9 ] pavboot C:\windows\system32\drivers\pavboot64.sys
13:15:10.0502 3228 pavboot - ok
13:15:10.0533 3228 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
13:15:10.0533 3228 PcaSvc - ok
13:15:10.0564 3228 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
13:15:10.0564 3228 pci - ok
13:15:10.0580 3228 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
13:15:10.0580 3228 pciide - ok
13:15:10.0611 3228 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
13:15:10.0611 3228 pcmcia - ok
13:15:10.0627 3228 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
13:15:10.0627 3228 pcw - ok
13:15:10.0642 3228 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
13:15:10.0658 3228 PEAUTH - ok
13:15:10.0751 3228 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
13:15:10.0767 3228 PerfHost - ok
13:15:10.0814 3228 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
13:15:10.0861 3228 pla - ok
13:15:10.0907 3228 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
13:15:10.0923 3228 PlugPlay - ok
13:15:10.0985 3228 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:15:11.0017 3228 Pml Driver HPZ12 - ok
13:15:11.0032 3228 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
13:15:11.0032 3228 PNRPAutoReg - ok
13:15:11.0048 3228 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
13:15:11.0048 3228 PNRPsvc - ok
13:15:11.0079 3228 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
13:15:11.0095 3228 PolicyAgent - ok
13:15:11.0141 3228 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
13:15:11.0141 3228 Power - ok
13:15:11.0188 3228 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:15:11.0188 3228 PptpMiniport - ok
13:15:11.0219 3228 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
13:15:11.0219 3228 Processor - ok
13:15:11.0251 3228 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
13:15:11.0266 3228 ProfSvc - ok
13:15:11.0282 3228 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
13:15:11.0282 3228 ProtectedStorage - ok
13:15:11.0313 3228 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
13:15:11.0313 3228 Psched - ok
13:15:11.0344 3228 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
13:15:11.0360 3228 PxHlpa64 - ok
13:15:11.0422 3228 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
13:15:11.0469 3228 ql2300 - ok
13:15:11.0500 3228 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
13:15:11.0500 3228 ql40xx - ok
13:15:11.0531 3228 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
13:15:11.0547 3228 QWAVE - ok
13:15:11.0563 3228 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
13:15:11.0563 3228 QWAVEdrv - ok
13:15:11.0578 3228 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:15:11.0578 3228 RasAcd - ok
13:15:11.0625 3228 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
13:15:11.0625 3228 RasAgileVpn - ok
13:15:11.0656 3228 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
13:15:11.0656 3228 RasAuto - ok
13:15:11.0672 3228 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:15:11.0672 3228 Rasl2tp - ok
13:15:11.0719 3228 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
13:15:11.0734 3228 RasMan - ok
13:15:11.0765 3228 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:15:11.0765 3228 RasPppoe - ok
13:15:11.0781 3228 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
13:15:11.0781 3228 RasSstp - ok
13:15:11.0797 3228 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:15:11.0812 3228 rdbss - ok
13:15:11.0828 3228 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
13:15:11.0828 3228 rdpbus - ok
13:15:11.0859 3228 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:15:11.0859 3228 RDPCDD - ok
13:15:11.0890 3228 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
13:15:11.0890 3228 RDPENCDD - ok
13:15:11.0906 3228 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
13:15:11.0906 3228 RDPREFMP - ok
13:15:11.0937 3228 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
13:15:11.0953 3228 RDPWD - ok
13:15:11.0968 3228 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
13:15:11.0984 3228 rdyboost - ok
13:15:12.0077 3228 [ 189C5A8D2098E0AA14FD157A954B34FC ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:15:12.0124 3228 RegSrvc - ok
13:15:12.0171 3228 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
13:15:12.0187 3228 RemoteAccess - ok
13:15:12.0202 3228 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
13:15:12.0218 3228 RemoteRegistry - ok
13:15:12.0249 3228 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
13:15:12.0249 3228 RFCOMM - ok
13:15:12.0296 3228 [ AD42432D22940B4215177BE113E4919C ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
13:15:12.0311 3228 RimUsb - ok
13:15:12.0358 3228 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\windows\system32\DRIVERS\RimSerial_AMD64.sys
13:15:12.0358 3228 RimVSerPort - ok
13:15:12.0389 3228 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\windows\system32\Drivers\RootMdm.sys
13:15:12.0405 3228 ROOTMODEM - ok
13:15:12.0530 3228 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:15:12.0577 3228 RoxMediaDB12OEM - ok
13:15:12.0608 3228 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:15:12.0623 3228 RoxWatch12 - ok
13:15:12.0655 3228 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
13:15:12.0655 3228 RpcEptMapper - ok
13:15:12.0686 3228 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
13:15:12.0686 3228 RpcLocator - ok
13:15:12.0717 3228 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
13:15:12.0733 3228 RpcSs - ok
13:15:12.0748 3228 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
13:15:12.0748 3228 rspndr - ok
13:15:12.0811 3228 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
13:15:12.0826 3228 RSUSBSTOR - ok
13:15:12.0873 3228 [ 2777226EE8BF50B059D7A7C90177E99C ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
13:15:12.0889 3228 RTL8167 - ok
13:15:12.0904 3228 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
13:15:12.0904 3228 SamSs - ok
13:15:12.0951 3228 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
13:15:12.0951 3228 sbp2port - ok
13:15:12.0967 3228 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
13:15:12.0982 3228 SCardSvr - ok
13:15:12.0998 3228 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
13:15:12.0998 3228 scfilter - ok
13:15:13.0029 3228 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
13:15:13.0076 3228 Schedule - ok
13:15:13.0107 3228 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
13:15:13.0107 3228 SCPolicySvc - ok
13:15:13.0123 3228 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
13:15:13.0138 3228 SDRSVC - ok
13:15:13.0169 3228 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
13:15:13.0169 3228 secdrv - ok
13:15:13.0185 3228 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
13:15:13.0185 3228 seclogon - ok
13:15:13.0232 3228 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
13:15:13.0232 3228 SENS - ok
13:15:13.0247 3228 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
13:15:13.0247 3228 SensrSvc - ok
13:15:13.0263 3228 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
13:15:13.0263 3228 Serenum - ok
13:15:13.0294 3228 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
13:15:13.0294 3228 Serial - ok
13:15:13.0341 3228 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
13:15:13.0341 3228 sermouse - ok
13:15:13.0372 3228 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
13:15:13.0388 3228 SessionEnv - ok
13:15:13.0403 3228 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
13:15:13.0403 3228 sffdisk - ok
13:15:13.0419 3228 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
13:15:13.0419 3228 sffp_mmc - ok
13:15:13.0435 3228 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
13:15:13.0435 3228 sffp_sd - ok
13:15:13.0450 3228 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
13:15:13.0466 3228 sfloppy - ok
13:15:13.0513 3228 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
13:15:13.0544 3228 Sftfs - ok
13:15:13.0622 3228 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:15:13.0637 3228 sftlist - ok
13:15:13.0653 3228 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
13:15:13.0669 3228 Sftplay - ok
13:15:13.0669 3228 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
13:15:13.0684 3228 Sftredir - ok
13:15:13.0778 3228 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:15:13.0825 3228 SftService - ok
13:15:13.0840 3228 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
13:15:13.0840 3228 Sftvol - ok
13:15:13.0871 3228 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:15:13.0871 3228 sftvsa - ok
13:15:13.0918 3228 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
13:15:13.0934 3228 SharedAccess - ok
13:15:13.0965 3228 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:15:13.0981 3228 ShellHWDetection - ok
13:15:14.0012 3228 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
13:15:14.0012 3228 SiSRaid2 - ok
13:15:14.0043 3228 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
13:15:14.0059 3228 SiSRaid4 - ok
13:15:14.0074 3228 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
13:15:14.0074 3228 Smb - ok
13:15:14.0121 3228 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
13:15:14.0121 3228 SNMPTRAP - ok
13:15:14.0137 3228 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
13:15:14.0137 3228 spldr - ok
13:15:14.0168 3228 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
13:15:14.0168 3228 Spooler - ok
13:15:14.0277 3228 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
13:15:14.0355 3228 sppsvc - ok
13:15:14.0371 3228 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
13:15:14.0371 3228 sppuinotify - ok
13:15:14.0417 3228 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
13:15:14.0417 3228 srv - ok
13:15:14.0449 3228 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
13:15:14.0449 3228 srv2 - ok
13:15:14.0480 3228 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
13:15:14.0480 3228 srvnet - ok
13:15:14.0511 3228 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
13:15:14.0527 3228 SSDPSRV - ok
13:15:14.0542 3228 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
13:15:14.0542 3228 SstpSvc - ok
13:15:14.0605 3228 [ B2D8B364A831427A5741F6C408FA8AE3 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
13:15:14.0620 3228 STacSV - ok
13:15:14.0651 3228 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
13:15:14.0651 3228 stexstor - ok
13:15:14.0698 3228 [ EF5ACDE92BA3F691BBFEF781CB063501 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
13:15:14.0714 3228 STHDA - ok
13:15:14.0761 3228 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
13:15:14.0761 3228 StillCam - ok
13:15:14.0823 3228 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
13:15:14.0854 3228 stisvc - ok
13:15:14.0901 3228 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:15:14.0963 3228 stllssvr - ok
13:15:14.0979 3228 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
13:15:14.0995 3228 swenum - ok
13:15:15.0026 3228 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
13:15:15.0041 3228 swprv - ok
13:15:15.0119 3228 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
13:15:15.0166 3228 SysMain - ok
13:15:15.0182 3228 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
13:15:15.0197 3228 TabletInputService - ok
13:15:15.0197 3228 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
13:15:15.0213 3228 TapiSrv - ok
13:15:15.0229 3228 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
13:15:15.0229 3228 TBS - ok
13:15:15.0291 3228 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
13:15:15.0353 3228 Tcpip - ok
13:15:15.0431 3228 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
13:15:15.0447 3228 TCPIP6 - ok
13:15:15.0478 3228 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
13:15:15.0478 3228 tcpipreg - ok
13:15:15.0494 3228 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
13:15:15.0494 3228 TDPIPE - ok
13:15:15.0525 3228 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
13:15:15.0525 3228 TDTCP - ok
13:15:15.0556 3228 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
13:15:15.0556 3228 tdx - ok
13:15:15.0572 3228 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
13:15:15.0587 3228 TermDD - ok
13:15:15.0619 3228 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
13:15:15.0650 3228 TermService - ok
13:15:15.0681 3228 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
13:15:15.0681 3228 Themes - ok
13:15:15.0697 3228 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
13:15:15.0712 3228 THREADORDER - ok
13:15:15.0728 3228 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
13:15:15.0728 3228 TrkWks - ok
13:15:15.0790 3228 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:15:15.0806 3228 TrustedInstaller - ok
13:15:15.0821 3228 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
13:15:15.0821 3228 tssecsrv - ok
13:15:15.0853 3228 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
13:15:15.0853 3228 TsUsbFlt - ok
13:15:15.0868 3228 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
13:15:15.0868 3228 TsUsbGD - ok
13:15:15.0915 3228 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
13:15:15.0915 3228 tunnel - ok
13:15:15.0931 3228 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
13:15:15.0931 3228 uagp35 - ok
13:15:15.0962 3228 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
13:15:15.0977 3228 udfs - ok
13:15:16.0009 3228 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
13:15:16.0024 3228 UI0Detect - ok
13:15:16.0040 3228 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
13:15:16.0055 3228 uliagpkx - ok
13:15:16.0087 3228 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
13:15:16.0102 3228 umbus - ok
13:15:16.0118 3228 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
13:15:16.0118 3228 UmPass - ok
13:15:16.0258 3228 [ EB79C6C91A99930015EF29AE7FA802D1 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:15:16.0367 3228 UNS - ok
13:15:16.0399 3228 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
13:15:16.0414 3228 upnphost - ok
13:15:16.0445 3228 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
13:15:16.0461 3228 USBAAPL64 - ok
13:15:16.0508 3228 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
13:15:16.0508 3228 usbccgp - ok
13:15:16.0539 3228 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
13:15:16.0539 3228 usbcir - ok
13:15:16.0570 3228 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
13:15:16.0570 3228 usbehci - ok
13:15:16.0617 3228 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
13:15:16.0617 3228 usbhub - ok
13:15:16.0633 3228 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\drivers\usbohci.sys
13:15:16.0633 3228 usbohci - ok
13:15:16.0648 3228 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys
13:15:16.0648 3228 usbprint - ok
13:15:16.0679 3228 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
13:15:16.0695 3228 USBSTOR - ok
13:15:16.0711 3228 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\windows\system32\drivers\usbuhci.sys
13:15:16.0711 3228 usbuhci - ok
13:15:16.0742 3228 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
13:15:16.0742 3228 usbvideo - ok
13:15:16.0773 3228 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
13:15:16.0773 3228 UxSms - ok
13:15:16.0789 3228 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
13:15:16.0789 3228 VaultSvc - ok
13:15:16.0820 3228 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
13:15:16.0820 3228 vdrvroot - ok
13:15:16.0851 3228 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
13:15:16.0882 3228 vds - ok
13:15:16.0898 3228 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
13:15:16.0898 3228 vga - ok
13:15:16.0898 3228 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
13:15:16.0898 3228 VgaSave - ok
13:15:16.0913 3228 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
13:15:16.0913 3228 vhdmp - ok
13:15:16.0945 3228 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
13:15:16.0945 3228 viaide - ok
13:15:16.0960 3228 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
13:15:16.0976 3228 volmgr - ok
13:15:16.0991 3228 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
13:15:16.0991 3228 volmgrx - ok
13:15:17.0023 3228 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
13:15:17.0023 3228 volsnap - ok
13:15:17.0069 3228 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
13:15:17.0069 3228 vsmraid - ok
13:15:17.0132 3228 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
13:15:17.0194 3228 VSS - ok
13:15:17.0210 3228 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
13:15:17.0210 3228 vwifibus - ok
13:15:17.0225 3228 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
13:15:17.0225 3228 vwififlt - ok
13:15:17.0272 3228 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
13:15:17.0272 3228 vwifimp - ok
13:15:17.0303 3228 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
13:15:17.0303 3228 W32Time - ok
13:15:17.0335 3228 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
13:15:17.0335 3228 WacomPen - ok
13:15:17.0350 3228 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
13:15:17.0366 3228 WANARP - ok
13:15:17.0366 3228 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
13:15:17.0366 3228 Wanarpv6 - ok
13:15:17.0444 3228 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
13:15:17.0491 3228 WatAdminSvc - ok
13:15:17.0553 3228 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
13:15:17.0600 3228 wbengine - ok
13:15:17.0631 3228 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
13:15:17.0631 3228 WbioSrvc - ok
13:15:17.0647 3228 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
13:15:17.0662 3228 wcncsvc - ok
13:15:17.0693 3228 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:15:17.0693 3228 WcsPlugInService - ok
13:15:17.0725 3228 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
13:15:17.0725 3228 Wd - ok
13:15:17.0740 3228 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
13:15:17.0756 3228 Wdf01000 - ok
13:15:17.0756 3228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
13:15:17.0756 3228 WdiServiceHost - ok
13:15:17.0771 3228 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
13:15:17.0771 3228 WdiSystemHost - ok
13:15:17.0787 3228 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
13:15:17.0787 3228 WebClient - ok
13:15:17.0818 3228 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
13:15:17.0834 3228 Wecsvc - ok
13:15:17.0849 3228 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
13:15:17.0849 3228 wercplsupport - ok
13:15:17.0881 3228 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
13:15:17.0881 3228 WerSvc - ok
13:15:17.0912 3228 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
13:15:17.0912 3228 WfpLwf - ok
13:15:17.0943 3228 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
13:15:17.0959 3228 WimFltr - ok
13:15:17.0974 3228 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
13:15:17.0974 3228 WIMMount - ok
13:15:18.0005 3228 WinDefend - ok
13:15:18.0021 3228 WinHttpAutoProxySvc - ok
13:15:18.0099 3228 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
13:15:18.0161 3228 Winmgmt - ok
13:15:18.0239 3228 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
13:15:18.0286 3228 WinRM - ok
13:15:18.0364 3228 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
13:15:18.0395 3228 Wlansvc - ok
13:15:18.0442 3228 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:15:18.0458 3228 wlcrasvc - ok
13:15:18.0598 3228 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:15:18.0661 3228 wlidsvc - ok
13:15:18.0707 3228 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
13:15:18.0707 3228 WmiAcpi - ok
13:15:18.0754 3228 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
13:15:18.0817 3228 wmiApSrv - ok
13:15:18.0863 3228 WMPNetworkSvc - ok
13:15:18.0879 3228 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
13:15:18.0895 3228 WPCSvc - ok
13:15:18.0926 3228 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
13:15:18.0926 3228 WPDBusEnum - ok
13:15:18.0941 3228 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
13:15:18.0941 3228 ws2ifsl - ok
13:15:18.0973 3228 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
13:15:18.0973 3228 wscsvc - ok
13:15:19.0019 3228 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
13:15:19.0019 3228 WSDPrintDevice - ok
13:15:19.0019 3228 WSearch - ok
13:15:19.0113 3228 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
13:15:19.0191 3228 wuauserv - ok
13:15:19.0207 3228 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
13:15:19.0207 3228 WudfPf - ok
13:15:19.0238 3228 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
13:15:19.0253 3228 WUDFRd - ok
13:15:19.0269 3228 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
13:15:19.0285 3228 wudfsvc - ok
13:15:19.0316 3228 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
13:15:19.0316 3228 WwanSvc - ok
13:15:19.0347 3228 ================ Scan global ===============================
13:15:19.0378 3228 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
13:15:19.0425 3228 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
13:15:19.0441 3228 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
13:15:19.0472 3228 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
13:15:19.0519 3228 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
13:15:19.0519 3228 [Global] - ok
13:15:19.0519 3228 ================ Scan MBR ==================================
13:15:19.0534 3228 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:15:19.0862 3228 \Device\Harddisk0\DR0 - ok
13:15:19.0862 3228 ================ Scan VBR ==================================
13:15:19.0862 3228 [ 17E6064B18AA88ED8319B3238FE06A25 ] \Device\Harddisk0\DR0\Partition1
13:15:19.0862 3228 \Device\Harddisk0\DR0\Partition1 - ok
13:15:19.0893 3228 [ F0A7699473B69236324CE8399BBACB50 ] \Device\Harddisk0\DR0\Partition2
13:15:19.0893 3228 \Device\Harddisk0\DR0\Partition2 - ok
13:15:19.0924 3228 [ 0DA0711FE99B88A464A6F62F45BBBB2F ] \Device\Harddisk0\DR0\Partition3
13:15:19.0924 3228 \Device\Harddisk0\DR0\Partition3 - ok
13:15:19.0924 3228 ============================================================
13:15:19.0924 3228 Scan finished
13:15:19.0924 3228 ============================================================
13:15:19.0940 4460 Detected object count: 0
13:15:19.0940 4460 Actual detected object count: 0
  • 0

Advertisements


#11
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
aswMBR: it found 1 infection
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-01 14:21:59
-----------------------------
14:21:59.725 OS Version: Windows x64 6.1.7601 Service Pack 1
14:21:59.725 Number of processors: 4 586 0x2A07
14:21:59.725 ComputerName: PATTY-PC UserName: Patty
14:22:03.079 Initialize success
14:24:54.376 AVAST engine defs: 12110100
14:25:40.565 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:25:40.565 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
14:25:40.580 Disk 0 MBR read successfully
14:25:40.580 Disk 0 MBR scan
14:25:40.580 Disk 0 Windows 7 default MBR code
14:25:40.596 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
14:25:40.612 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
14:25:40.674 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225983 MB offset 30926848
14:25:40.721 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 64158 MB offset 493741710
14:25:40.892 Disk 0 scanning C:\windows\system32\drivers
14:25:55.479 Service scanning
14:26:36.599 Modules scanning
14:26:36.615 Disk 0 trace - called modules:
14:26:36.646 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
14:26:36.646 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005a27060]
14:26:36.646 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> [0xfffffa8003b07e40]
14:26:36.646 5 ACPI.sys[fffff88000f5a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003b0b050]
14:26:38.284 AVAST engine scan C:\windows
14:26:46.257 AVAST engine scan C:\windows\system32
14:31:36.502 AVAST engine scan C:\windows\system32\drivers
14:31:55.348 AVAST engine scan C:\Users\Patty
14:34:28.744 File: C:\Users\Patty\Desktop\RK_Quarantine\nlsbresd.dll.vir **INFECTED** Win32:Agent-AQFW [Trj]
14:35:47.509 AVAST engine scan C:\ProgramData
14:38:03.495 Scan finished successfully
14:39:18.611 Disk 0 MBR has been saved successfully to "C:\Users\Patty\Desktop\MBR.dat"
14:39:18.627 The log file has been saved successfully to "C:\Users\Patty\Desktop\aswMBR.txt"
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings hcelizondo

The file aswMBR found is allready quarantined

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#13
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Hi Gringo. Here it is combofix report:
ComboFix 12-10-31.03 - Patty 01/11/2012 19:28:21.2.4 - x64
Running from: c:\users\Patty\Desktop\ComboFix.exe
Command switches used :: c:\users\Patty\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-10-02 to 2012-11-02 )))))))))))))))))))))))))))))))
.
.
2012-11-02 01:33 . 2012-11-02 01:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-02 01:33 . 2012-11-02 01:33 -------- d-----w- c:\users\Hector\AppData\Local\temp
2012-11-02 01:33 . 2012-11-02 01:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 17:42 . 2012-10-12 06:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BD94867E-46AA-49F7-875C-37F5ED78C07D}\mpengine.dll
2012-11-01 17:20 . 2012-10-12 06:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-01 02:42 . 2012-11-01 02:42 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43F7A5FB-0ECA-4998-9439-923EE0731DA3}\gapaengine.dll
2012-11-01 02:28 . 2012-11-01 02:28 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-11-01 02:28 . 2012-11-01 02:29 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-01 02:22 . 2012-11-01 02:22 -------- d-----w- c:\users\Patty\AppData\Roaming\Malwarebytes
2012-10-31 21:30 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\program files\iPod
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\program files\iTunes
2012-10-31 21:30 . 2012-10-31 21:30 -------- d-----w- c:\program files (x86)\iTunes
2012-10-10 15:50 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 15:50 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 15:50 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 15:50 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 15:50 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 15:50 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 15:48 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 15:48 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 15:48 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 15:48 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 15:48 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 15:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 15:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 15:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 18:27 . 2012-01-04 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-30 01:54 . 2012-08-31 13:51 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 14:11 . 2012-08-31 14:11 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-31 14:11 . 2011-07-30 20:55 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-31 04:03 . 2012-08-31 04:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 04:03 . 2012-08-31 04:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 21:04 . 2012-08-30 21:04 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-08-24 11:15 . 2012-09-24 03:08 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 03:08 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 03:09 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 03:09 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 03:09 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 03:09 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 03:09 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 03:09 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 03:09 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 03:09 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 03:09 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 03:09 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 03:09 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 03:09 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 03:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 03:09 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 03:09 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 03:09 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 03:09 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 03:09 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 03:09 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 03:09 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 15:27 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 15:27 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 15:27 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 15:27 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-30 20:31 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-21 19:01 . 2011-07-30 21:30 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 19:01 . 2011-07-30 21:30 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 15:49 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-09-01 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-03-24 34200]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-10-27 115168]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-02 1255736]
R3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2009-06-30 33800]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-03-27 1014096]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2012-03-27 1104208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2012-03-27 1304912]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2012-02-13 95232]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2012-02-13 747008]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2012-03-21 60928]
S3 IntcDAud;Sonido Intel® para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-08-23 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-03-24 25496]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-09-21 56344]
S3 NETwNs64;___ Controlador del adaptador Intel® Wireless WiFi Link para Windows 7 de 64 bits;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-21 8505856]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001Core.job
- c:\users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-03 20:58]
.
2012-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001UA.job
- c:\users\Patty\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-03 20:58]
.
2012-11-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1003Core.job
- c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 21:05]
.
2012-11-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1003UA.job
- c:\users\Hector\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-30 21:05]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001Core.job
- c:\users\Patty\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 20:58]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-770254171-4196784553-780507908-1001UA.job
- c:\users\Patty\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-30 20:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-03-15 178960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-03-27 11407120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Patty\AppData\Roaming\Mozilla\Firefox\Profiles\1txoolt0.default\
FF - ExtSQL: !HIDDEN! 2012-02-26 22:32; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-01 19:36:44
ComboFix-quarantined-files.txt 2012-11-02 01:36
ComboFix2.txt 2012-11-01 17:16
ComboFix3.txt 2012-08-29 21:18
.
Pre-Run: 185,208,762,368 bytes libres
Post-Run: 185,294,749,696 bytes libres
.
- - End Of File - - 74D09F2A0CB63C4DE2B38291470D9E23
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
How are things running at this time?


gringo
  • 0

#15
hcelizondo

hcelizondo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
it looks fine now. No more redirecting to other web sites, as I said earlier MSE is up and running.I have just tested Home Sharing using Itunes (that's why I started working on this lap yesterday).

On teh other hand I'm thinking about getting rid of MSE and try avast instead. I have been reading some good reviews about it(for avast and avira) and it looks like avast is more user friendly (for my wife u know). Any recommendation?

Edited by hcelizondo, 01 November 2012 - 08:24 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP