
Windows Blue Screen [Solved]



#1
chillndan

Member, 19 posts
Computer will boot up fine, Windows 7, and come to the screen where you can select different users. When you select a user, the computer starts working, a black screen appears then a Windows Blue Screen to the effect of "A problem has been detected & windows is shutting down to prevent..." Have run MalWare and Spybot and they detect a problem but can't clean it. I have attached the old timer files.



#2
gringo_pr

Trusted Helper (Malware Removal), 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#3
chillndan

Thank you Gringo,

Results of Security Check:
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Java 7 Update 7
Java version out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Results of AdwCleaner:

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 21:02:09
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dan - CHANCEY03
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Dan\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Users\Dan\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Dani\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Hallie\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Kaelin\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Sue\AppData\LocalLow\AskToolbar
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2132 octets] - [27/11/2012 21:02:09]

########## EOF - C:\AdwCleaner[R1].txt - [2192 octets] ##########

Results of RogueKiller:

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Dan [Admin rights]
Mode : Remove -- Date : 11/27/2012 21:30:54

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++
--- User ---
[MBR] 8e7f865b02c6d2ef28008975127a5464
[BSP] e08fd3ce005c7ac8b2bfad9577990c7b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 26880 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 55132160 | Size: 926948 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] a0acb494643a1e98b76a210d84feca04
[BSP] e08fd3ce005c7ac8b2bfad9577990c7b : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 26880 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 55132160 | Size: 926948 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] a0acb494643a1e98b76a210d84feca04
[BSP] e08fd3ce005c7ac8b2bfad9577990c7b : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 26880 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 55132160 | Size: 926948 Mo

Finished : << RKreport[2]_D_11272012_02d2130.txt >>
RKreport[1]_S_11272012_02d2130.txt ; RKreport[2]_D_11272012_02d2130.txt



Thank you.
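
An added example, not part of the original post and not RogueKiller's own code: a small Python parser for the MBR Check section of the report above that lists exactly which fields differ between the `User`, `LL1` and `LL2` blocks. It assumes the three blocks are separate reads of the same drive; the function names are hypothetical and the sample is excerpted from the log above.

```python
import re

# Excerpt from the RogueKiller report posted above (MBR Check section only).
SAMPLE_LOG = """\
+++++ PhysicalDrive0: WDC WD10EALX-759BA1 +++++
--- User ---
[MBR] 8e7f865b02c6d2ef28008975127a5464
[BSP] e08fd3ce005c7ac8b2bfad9577990c7b : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 26880 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 55132160 | Size: 926948 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] a0acb494643a1e98b76a210d84feca04
[BSP] e08fd3ce005c7ac8b2bfad9577990c7b : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 26880 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 55132160 | Size: 926948 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] a0acb494643a1e98b76a210d84feca04
[BSP] e08fd3ce005c7ac8b2bfad9577990c7b : Windows Vista MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 26880 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 55132160 | Size: 926948 Mo
"""

# Line shapes are taken from the report above; other RogueKiller versions
# may format this section differently (assumption).
DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): .* \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-fA-F]{32})\b")
PART_RE = re.compile(
    r"^\d+ - \[(\w+)\] (\S+) \((0x[0-9a-fA-F]{2})\) \[\w+\] "
    r"Offset \(sectors\): (\d+) \| Size: (\d+) Mo$"
)
FLAG_RE = re.compile(r"^(\w+) != (\w+) \.\.\. KO!$")


def parse_mbr_check(text):
    """Parse MBR Check blocks into {drive: {"views": {...}, "flagged": [...]}}."""
    drives, drive, view = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive = drives.setdefault(m.group(1), {"views": {}, "flagged": []})
            view = None
        elif drive is None:
            continue  # ignore everything before the first drive header
        elif m := VIEW_RE.match(line):
            view = drive["views"].setdefault(
                m.group(1), {"MBR": None, "BSP": None, "partitions": []})
        elif m := FLAG_RE.match(line):
            drive["flagged"].append((m.group(1), m.group(2)))
        elif view is not None and (m := HASH_RE.match(line)):
            view[m.group(1)] = m.group(2).lower()
        elif view is not None and (m := PART_RE.match(line)):
            status, fs, ptype, offset, size = m.groups()
            # Row numbers are dropped: the report counts from 0 in one block
            # and from 1 in the others, which is not a difference on disk.
            view["partitions"].append((status, fs, ptype, int(offset), int(size)))
    return drives


def diff_views(views, baseline="User"):
    """Return [(view, [fields that differ from the baseline view])]."""
    if baseline not in views:
        return []
    base = views[baseline]
    return [
        (name, [f for f in ("MBR", "BSP", "partitions") if data[f] != base[f]])
        for name, data in views.items() if name != baseline
    ]


def triage(text):
    """Per drive: the tool's own mismatch flags next to the field-level diff."""
    return {
        name: {"flagged_by_tool": d["flagged"], "differences": diff_views(d["views"])}
        for name, d in parse_mbr_check(text).items()
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLE_LOG).items():
        print(name, "flagged by tool:", result["flagged_by_tool"])
        for view, fields in result["differences"]:
            print(f"  User vs {view}: {', '.join(fields) or 'no difference'}")
```

On the report above, only the `[MBR]` hash differs between `User` and the two `LL` blocks; the `[BSP]` hash and the partition geometry are identical once the row numbering is ignored.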

#4
gringo_pr

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5
gringo_pr

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you, it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.




Gringo

#6
chillndan

OK, I finally had time to run ComboFix. I had to run this several times; I received the blue screen while trying to run it. Report:

ComboFix 12-12-02.01 - Dan 12/03/2012 8:25.3.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8155.7176 [GMT -5:00]
Running from: c:\users\Dan\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\5043.tmp
c:\programdata\Microsoft\Windows\DRM\5044.tmp
c:\windows\RPSETUP.EXE.LOG
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 13:32 . 2012-12-03 13:32 -------- d-----w- c:\users\Sue\AppData\Local\temp
2012-12-03 13:32 . 2012-12-03 13:32 -------- d-----w- c:\users\Kaelin\AppData\Local\temp
2012-12-03 13:32 . 2012-12-03 13:32 -------- d-----w- c:\users\Hallie\AppData\Local\temp
2012-12-03 13:32 . 2012-12-03 13:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 13:32 . 2012-12-03 13:32 -------- d-----w- c:\users\Dani\AppData\Local\temp
2012-11-29 02:58 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-29 02:58 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-29 02:58 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-29 02:58 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-29 02:54 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-29 02:54 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-29 02:54 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-29 02:54 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-29 02:54 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-29 02:54 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-29 02:54 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-29 02:54 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-29 02:54 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-28 21:19 . 2012-11-28 21:19 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Malwarebytes
2012-11-28 00:49 . 2012-11-28 00:49 -------- d-----w- c:\users\Dan\AppData\Local\CrashDumps
2012-11-28 00:05 . 2012-11-28 00:05 -------- d-----w- c:\users\Dan\AppData\Local\ElevatedDiagnostics
2012-11-27 11:01 . 2012-12-03 12:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-27 11:00 . 2012-11-27 11:00 -------- d-----w- c:\users\Dan\AppData\Local\Programs
2012-11-27 01:43 . 2012-11-27 01:43 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2012-11-27 01:43 . 2010-01-07 21:07 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-11-27 01:43 . 2012-11-27 01:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-27 01:43 . 2012-11-27 01:43 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 01:43 . 2010-01-07 21:07 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 01:10 . 2012-11-20 01:10 -------- d-----w- c:\program files\Common Files\logishrd
2012-11-20 01:10 . 2012-11-20 01:10 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-11-20 00:35 . 2012-11-20 00:35 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Puem
2012-11-20 00:35 . 2012-11-20 00:35 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Omuhc
2012-11-19 21:09 . 2012-11-19 21:10 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Odcy
2012-11-19 21:09 . 2012-11-19 21:09 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Xaes
2012-11-19 21:07 . 2012-11-19 21:08 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Otbade
2012-11-18 20:02 . 2012-11-18 20:17 -------- d-----w- c:\users\Dan\AppData\Roaming\Yznoe
2012-11-18 20:02 . 2012-11-18 20:02 -------- d-----w- c:\windows\Sun
2012-11-13 23:55 . 2012-11-13 23:55 -------- d-----w- c:\users\Sue\AppData\Roaming\ICAClient
2012-11-13 23:55 . 2012-11-13 23:55 -------- d-----w- c:\users\Sue\AppData\Local\Citrix
2012-11-13 00:54 . 2012-11-15 23:34 -------- d-----w- c:\users\Kaelin\AppData\Local\CrashDumps
2012-11-13 00:54 . 2012-11-13 00:54 -------- d-----w- c:\users\Kaelin\AppData\Local\Adobe
2012-11-11 23:11 . 2012-11-11 23:11 -------- d-----w- c:\users\Dani\AppData\Local\Apple Computer
2012-11-11 23:10 . 2012-11-11 23:10 -------- d-----w- c:\users\Dani\AppData\Roaming\ICAClient
2012-11-11 23:10 . 2012-11-11 23:10 -------- d-----w- c:\users\Dani\AppData\Local\Citrix
2012-11-07 20:47 . 2012-11-07 20:47 -------- d-----w- c:\users\Kaelin\AppData\Roaming\ICAClient
2012-11-07 20:47 . 2012-11-07 20:47 -------- d-----w- c:\users\Kaelin\AppData\Local\Citrix
2012-11-07 20:46 . 2012-11-07 20:46 -------- d-----w- c:\users\Hallie\AppData\Roaming\ICAClient
2012-11-07 20:42 . 2012-11-07 20:42 -------- d-----w- c:\users\Hallie\AppData\Local\Citrix
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\users\Dan\AppData\Roaming\ICAClient
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\programdata\Citrix
2012-11-07 11:53 . 2012-11-20 03:45 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\users\Dan\AppData\Local\Citrix
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\program files (x86)\Citrix
2012-11-07 11:49 . 2012-11-07 11:49 -------- d-----w- c:\users\Dan\AppData\Roaming\Apple Computer
2012-11-06 00:17 . 2012-11-06 00:20 -------- d-----w- c:\users\Sue\AppData\Local\CrashDumps
2012-11-04 13:57 . 2012-11-04 13:57 -------- d-----w- c:\users\Sue\AppData\Roaming\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2012-11-28 02:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 02:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 02:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 10:08 . 2012-10-13 10:08 8537680 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-10-05 23:44 . 2012-10-05 23:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-05 23:44 . 2012-10-05 23:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-05 23:44 . 2012-10-05 23:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-23 16:24 . 2010-06-24 16:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-14 19:19 . 2012-10-10 23:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 23:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 07:39 . 2012-09-07 07:39 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-09-07 07:39 . 2012-09-07 07:39 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-09-07 07:39 . 2012-09-07 07:39 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-09-07 07:39 . 2012-09-07 07:39 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-09-07 07:39 . 2012-09-07 07:39 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-09-07 07:39 . 2012-09-07 07:39 491520 ----a-w- c:\windows\system32\mssph.dll
2012-09-07 07:39 . 2012-09-07 07:39 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-09-07 07:39 . 2012-09-07 07:39 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-09-07 07:39 . 2012-09-07 07:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-09-07 07:39 . 2012-09-07 07:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-09-07 07:39 . 2012-09-07 07:39 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-09-07 07:39 . 2012-09-07 07:39 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-09-07 07:39 . 2012-09-07 07:39 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-09-07 07:39 . 2012-09-07 07:39 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-09-07 07:39 . 2012-09-07 07:39 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-09-07 07:39 . 2012-09-07 07:39 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-09-07 07:39 . 2012-09-07 07:39 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-09-07 07:39 . 2012-09-07 07:39 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-07 07:39 . 2012-09-07 07:39 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-09-07 07:39 . 2012-09-07 07:39 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-09-07 07:39 . 2012-09-07 07:39 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-09-07 07:39 . 2012-09-07 07:39 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-09-07 07:39 . 2012-09-07 07:39 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-07 07:39 . 2012-09-07 07:39 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-09-07 07:39 . 2012-09-07 07:39 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-09-07 07:39 . 2012-09-07 07:39 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-09-07 07:39 . 2012-09-07 07:39 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-09-07 07:39 . 2012-09-07 07:39 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-09-07 07:39 . 2012-09-07 07:39 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-09-07 07:39 . 2012-09-07 07:39 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-07 07:39 . 2012-09-07 07:39 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-09-07 07:39 . 2012-09-07 07:39 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-09-07 07:39 . 2012-09-07 07:39 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-07 07:39 . 2012-09-07 07:39 77312 ----a-w- c:\windows\system32\packager.dll
2012-09-07 07:39 . 2012-09-07 07:39 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-07 07:39 . 2012-09-07 07:39 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-09-07 07:39 . 2012-09-07 07:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-09-07 07:39 . 2012-09-07 07:39 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-09-07 07:39 . 2012-09-07 07:39 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-09-07 07:39 . 2012-09-07 07:39 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-09-07 07:39 . 2012-09-07 07:39 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-07 07:39 . 2012-09-07 07:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-09-07 07:39 . 2012-09-07 07:39 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-09-07 07:39 . 2012-09-07 07:39 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-09-07 07:39 . 2012-09-07 07:39 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-09-07 07:39 . 2012-09-07 07:39 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-09-07 07:39 . 2012-09-07 07:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-09-07 07:39 . 2012-09-07 07:39 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-09-07 07:39 . 2012-09-07 07:39 2871808 ----a-w- c:\windows\explorer.exe
2012-09-07 07:39 . 2012-09-07 07:39 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-09-07 07:39 . 2012-09-07 07:39 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-09-07 07:39 . 2012-09-07 07:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-07 07:39 . 2012-09-07 07:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-09-07 07:39 . 2012-09-07 07:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-09-07 07:39 . 2012-09-07 07:39 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-07 07:39 . 2012-09-07 07:39 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-09-07 07:39 . 2012-09-07 07:39 3216384 ----a-w- c:\windows\system32\msi.dll
2012-09-07 07:39 . 2012-09-07 07:39 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-09-07 07:39 . 2012-09-07 07:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-07 07:39 . 2012-09-07 07:39 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-07 07:39 . 2012-09-07 07:39 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-09-07 07:39 . 2012-09-07 07:39 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-07 07:39 . 2012-09-07 07:39 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-07 07:39 . 2012-09-07 07:39 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-09-07 07:39 . 2012-09-07 07:39 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-07 07:39 . 2012-09-07 07:39 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-07 07:39 . 2012-09-07 07:39 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-09-07 07:39 . 2012-09-07 07:39 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-09-07 07:39 . 2012-09-07 07:39 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-09-07 07:39 . 2012-09-07 07:39 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-09-07 07:39 . 2012-09-07 07:39 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-09-07 07:39 . 2012-09-07 07:39 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-09-07 07:39 . 2012-09-07 07:39 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-09-07 07:39 . 2012-09-07 07:39 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-09-07 07:39 . 2012-09-07 07:39 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-09-07 07:39 . 2012-09-07 07:39 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-09-07 07:39 . 2012-09-07 07:39 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-09-07 07:39 . 2012-09-07 07:39 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-09-07 07:39 . 2012-09-07 07:39 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-09-07 07:39 . 2012-09-07 07:39 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-09-07 07:39 . 2012-09-07 07:39 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-09-07 07:39 . 2012-09-07 07:39 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-09-07 07:39 . 2012-09-07 07:39 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-09-07 07:39 . 2012-09-07 07:39 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-09-07 07:39 . 2012-09-07 07:39 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-09-07 07:39 . 2012-09-07 07:39 106496 ----a-w- c:\windows\system32\odbccu32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
"!DPLauncher"="c:\program files (x86)\Microsoft\DefaultPack\DPLauncher.EXE" [2012-10-17 59952]
.
c:\users\Kaelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
R2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-01-21 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-27 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-25 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 05:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-03 08:33:39
ComboFix-quarantined-files.txt 2012-12-03 13:33
.
Pre-Run: 896,204,894,208 bytes free
Post-Run: 895,999,651,840 bytes free
.
- - End Of File - - B580C3567830B95DA8AF73AB66ED555C

Thanks,
chillndan

#7
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8
chillndan

    Member

  • Topic Starter
  • Member
  • 19 posts
OK, no problems running, reports:

12:54:54.0128 2172 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:54:56.0140 2172 ============================================================
12:54:56.0140 2172 Current date / time: 2012/12/03 12:54:56.0140
12:54:56.0140 2172 SystemInfo:
12:54:56.0140 2172
12:54:56.0140 2172 OS Version: 6.1.7601 ServicePack: 1.0
12:54:56.0140 2172 Product type: Workstation
12:54:56.0140 2172 ComputerName: CHANCEY03
12:54:56.0140 2172 UserName: Dan
12:54:56.0140 2172 Windows directory: C:\Windows
12:54:56.0140 2172 System windows directory: C:\Windows
12:54:56.0140 2172 Running under WOW64
12:54:56.0140 2172 Processor architecture: Intel x64
12:54:56.0140 2172 Number of processors: 8
12:54:56.0140 2172 Page size: 0x1000
12:54:56.0140 2172 Boot type: Safe boot with network
12:54:56.0140 2172 ============================================================
12:54:56.0390 2172 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:54:56.0406 2172 ============================================================
12:54:56.0406 2172 \Device\Harddisk0\DR0:
12:54:56.0406 2172 MBR partitions:
12:54:56.0406 2172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x3480000
12:54:56.0406 2172 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3494000, BlocksNum 0x71272000
12:54:56.0406 2172 ============================================================
12:54:56.0421 2172 C: <-> \Device\Harddisk0\DR0\Partition2
12:54:56.0421 2172 ============================================================
12:54:56.0421 2172 Initialize success
12:54:56.0421 2172 ============================================================
12:55:07.0419 5084 ============================================================
12:55:07.0419 5084 Scan started
12:55:07.0419 5084 Mode: Manual;
12:55:07.0419 5084 ============================================================
12:55:07.0560 5084 ================ Scan system memory ========================
12:55:07.0560 5084 System memory - ok
12:55:07.0560 5084 ================ Scan services =============================
12:55:12.0115 5084 intelide - ok
12:55:12.0131 5084 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:55:12.0131 5084 intelppm - ok
12:55:12.0146 5084 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:55:12.0146 5084 IPBusEnum - ok
12:55:12.0146 5084 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:55:12.0146 5084 IpFilterDriver - ok
12:55:12.0162 5084 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:55:12.0162 5084 iphlpsvc - ok
12:55:12.0177 5084 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:55:12.0177 5084 IPMIDRV - ok
12:55:12.0193 5084 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:55:12.0193 5084 IPNAT - ok
12:55:12.0224 5084 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:55:12.0240 5084 iPod Service - ok
12:55:12.0271 5084 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:55:12.0271 5084 IRENUM - ok
12:55:12.0271 5084 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:55:12.0271 5084 isapnp - ok
12:55:12.0287 5084 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:55:12.0287 5084 iScsiPrt - ok
12:55:12.0333 5084 [ 6BCEF45131C8B8E1C558BE540B190B3C ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
12:55:12.0333 5084 iusb3hcs - ok
12:55:12.0365 5084 [ F080EADA8715F811B58BD35BB774F2F9 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
12:55:12.0365 5084 iusb3hub - ok
12:55:12.0396 5084 [ 0F1756D9396740F053221FA6260FCE66 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
12:55:12.0396 5084 iusb3xhc - ok
12:55:12.0427 5084 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:55:12.0427 5084 kbdclass - ok
12:55:12.0443 5084 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:55:12.0443 5084 kbdhid - ok
12:55:12.0458 5084 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:55:12.0458 5084 KeyIso - ok
12:55:12.0474 5084 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:55:12.0474 5084 KSecDD - ok
12:55:12.0489 5084 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:55:12.0489 5084 KSecPkg - ok
12:55:12.0505 5084 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:55:12.0505 5084 ksthunk - ok
12:55:12.0521 5084 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:55:12.0521 5084 KtmRm - ok
12:55:12.0552 5084 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:55:12.0567 5084 LanmanServer - ok
12:55:12.0583 5084 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:55:12.0583 5084 LanmanWorkstation - ok
12:55:12.0630 5084 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:55:12.0630 5084 lltdio - ok
12:55:12.0645 5084 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:55:12.0645 5084 lltdsvc - ok
12:55:12.0661 5084 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:55:12.0661 5084 lmhosts - ok
12:55:12.0708 5084 [ 5C08357C65F658E29B5DDC2EF18D575C ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:55:12.0708 5084 LMS - ok
12:55:12.0739 5084 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
12:55:12.0739 5084 LSI_FC - ok
12:55:12.0755 5084 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
12:55:12.0755 5084 LSI_SAS - ok
12:55:12.0755 5084 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
12:55:12.0755 5084 LSI_SAS2 - ok
12:55:12.0770 5084 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
12:55:12.0770 5084 LSI_SCSI - ok
12:55:12.0786 5084 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:55:12.0786 5084 luafv - ok
12:55:12.0879 5084 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys
12:55:12.0926 5084 LVUVC64 - ok
12:55:12.0973 5084 [ 9504F1DDA1B67FB8D526FD4F8CC882F3 ] McAWFwk c:\PROGRA~1\mcafee\msc\mcawfwk.exe
12:55:12.0973 5084 McAWFwk - ok
12:55:13.0035 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:55:13.0035 5084 McMPFSvc - ok
12:55:13.0051 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:55:13.0051 5084 mcmscsvc - ok
12:55:13.0051 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:55:13.0051 5084 McNaiAnn - ok
12:55:13.0051 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:55:13.0051 5084 McNASvc - ok
12:55:13.0098 5084 [ 44D0DA102FA7A1BE22FD7499E80DCF9B ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
12:55:13.0098 5084 McODS - ok
12:55:13.0098 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:55:13.0098 5084 McOobeSv - ok
12:55:13.0098 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
12:55:13.0098 5084 McProxy - ok
12:55:13.0145 5084 [ 597C77235621E7DDD32A68574FDE6464 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
12:55:13.0145 5084 McShield - ok
12:55:13.0160 5084 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:55:13.0160 5084 Mcx2Svc - ok
12:55:13.0191 5084 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
12:55:13.0191 5084 megasas - ok
12:55:13.0191 5084 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
12:55:13.0191 5084 MegaSR - ok
12:55:13.0238 5084 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
12:55:13.0238 5084 MEIx64 - ok
12:55:13.0269 5084 [ 01884CB7655C8908B43FF5E364FE6FD2 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
12:55:13.0269 5084 mfeapfk - ok
12:55:13.0301 5084 [ DAB9A9CDFB04E4D68924492AA043019D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
12:55:13.0301 5084 mfeavfk - ok
12:55:13.0316 5084 [ 134BB16F93A07C2C89B0B9C399382BDB ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:55:13.0316 5084 mfefire - ok
12:55:13.0332 5084 [ CE9A3680675C0907ADE16404CA967B49 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
12:55:13.0332 5084 mfefirek - ok
12:55:13.0363 5084 [ 60CF67458DD29CD17E77F2327B1A9A54 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
12:55:13.0363 5084 mfehidk - ok
12:55:13.0379 5084 [ A8129CFB919347F8533C934B365E9202 ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
12:55:13.0379 5084 mfenlfk - ok
12:55:13.0394 5084 [ 5041FA2BD2B3A2693B015771BFBF6DCA ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
12:55:13.0394 5084 mferkdet - ok
12:55:13.0425 5084 [ 4D0ECD05ABB518EA323F651F4AB8458F ] mfevtp C:\Windows\system32\mfevtps.exe
12:55:13.0425 5084 mfevtp - ok
12:55:13.0425 5084 [ 919C56DB14A0E1E2AB6DA5D2821DC26E ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
12:55:13.0441 5084 mfewfpk - ok
12:55:13.0457 5084 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:55:13.0457 5084 MMCSS - ok
12:55:13.0457 5084 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:55:13.0457 5084 Modem - ok
12:55:13.0472 5084 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:55:13.0472 5084 monitor - ok
12:55:13.0503 5084 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:55:13.0503 5084 mouclass - ok
12:55:13.0535 5084 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:55:13.0535 5084 mouhid - ok
12:55:13.0550 5084 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:55:13.0550 5084 mountmgr - ok
12:55:13.0566 5084 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:55:13.0566 5084 mpio - ok
12:55:13.0597 5084 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:55:13.0597 5084 mpsdrv - ok
12:55:13.0628 5084 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:55:13.0628 5084 MpsSvc - ok
12:55:13.0628 5084 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:55:13.0628 5084 MRxDAV - ok
12:55:13.0644 5084 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:55:13.0644 5084 mrxsmb - ok
12:55:13.0644 5084 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:55:13.0644 5084 mrxsmb10 - ok
12:55:13.0659 5084 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:55:13.0659 5084 mrxsmb20 - ok
12:55:13.0675 5084 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:55:13.0675 5084 msahci - ok
12:55:13.0691 5084 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:55:13.0706 5084 msdsm - ok
12:55:13.0706 5084 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:55:13.0706 5084 MSDTC - ok
12:55:13.0722 5084 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:55:13.0722 5084 Msfs - ok
12:55:13.0737 5084 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:55:13.0737 5084 mshidkmdf - ok
12:55:13.0753 5084 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:55:13.0753 5084 msisadrv - ok
12:55:13.0784 5084 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:55:13.0784 5084 MSiSCSI - ok
12:55:13.0784 5084 msiserver - ok
12:55:13.0800 5084 [ ACB01BF1A905356AB7F978C7FE852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
12:55:13.0800 5084 MSK80Service - ok
12:55:13.0815 5084 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:55:13.0815 5084 MSKSSRV - ok
12:55:13.0831 5084 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:55:13.0831 5084 MSPCLOCK - ok
12:55:13.0831 5084 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:55:13.0831 5084 MSPQM - ok
12:55:13.0862 5084 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:55:13.0862 5084 MsRPC - ok
12:55:13.0862 5084 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
12:55:13.0862 5084 mssmbios - ok
12:55:13.0878 5084 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:55:13.0878 5084 MSTEE - ok
12:55:13.0878 5084 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
12:55:13.0878 5084 MTConfig - ok
12:55:13.0893 5084 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:55:13.0893 5084 Mup - ok
12:55:13.0909 5084 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:55:13.0909 5084 napagent - ok
12:55:13.0940 5084 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:55:13.0940 5084 NativeWifiP - ok
12:55:13.0971 5084 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
12:55:13.0987 5084 NDIS - ok
12:55:14.0003 5084 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:55:14.0003 5084 NdisCap - ok
12:55:14.0034 5084 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:55:14.0034 5084 NdisTapi - ok
12:55:14.0065 5084 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:55:14.0065 5084 Ndisuio - ok
12:55:14.0081 5084 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:55:14.0081 5084 NdisWan - ok
12:55:14.0081 5084 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:55:14.0081 5084 NDProxy - ok
12:55:14.0112 5084 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:55:14.0112 5084 NetBIOS - ok
12:55:14.0127 5084 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:55:14.0127 5084 NetBT - ok
12:55:14.0127 5084 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:55:14.0127 5084 Netlogon - ok
12:55:14.0174 5084 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:55:14.0174 5084 Netman - ok
12:55:14.0205 5084 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:55:14.0268 5084 NetMsmqActivator - ok
12:55:14.0268 5084 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:55:14.0268 5084 NetPipeActivator - ok
12:55:14.0283 5084 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:55:14.0283 5084 netprofm - ok
12:55:14.0283 5084 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:55:14.0283 5084 NetTcpActivator - ok
12:55:14.0283 5084 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
12:55:14.0283 5084 NetTcpPortSharing - ok
12:55:14.0315 5084 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
12:55:14.0315 5084 nfrd960 - ok
12:55:14.0346 5084 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:55:14.0346 5084 NlaSvc - ok
12:55:14.0424 5084 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
12:55:14.0455 5084 NOBU - ok
12:55:14.0502 5084 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:55:14.0502 5084 Npfs - ok
12:55:14.0502 5084 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:55:14.0502 5084 nsi - ok
12:55:14.0517 5084 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:55:14.0517 5084 nsiproxy - ok
12:55:14.0549 5084 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:55:14.0549 5084 Ntfs - ok
12:55:14.0564 5084 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:55:14.0564 5084 Null - ok
12:55:14.0595 5084 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:55:14.0595 5084 nvraid - ok
12:55:14.0611 5084 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:55:14.0611 5084 nvstor - ok
12:55:14.0627 5084 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:55:14.0627 5084 nv_agp - ok
12:55:14.0627 5084 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:55:14.0627 5084 ohci1394 - ok
12:55:14.0673 5084 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:55:14.0673 5084 ose - ok
12:55:14.0767 5084 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:55:14.0829 5084 osppsvc - ok
12:55:14.0861 5084 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:55:14.0876 5084 p2pimsvc - ok
12:55:14.0876 5084 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:55:14.0876 5084 p2psvc - ok
12:55:14.0892 5084 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
12:55:14.0892 5084 Parport - ok
12:55:14.0892 5084 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:55:14.0892 5084 partmgr - ok
12:55:14.0907 5084 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:55:14.0907 5084 PcaSvc - ok
12:55:14.0907 5084 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:55:14.0923 5084 pci - ok
12:55:14.0939 5084 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:55:14.0939 5084 pciide - ok
12:55:14.0970 5084 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
12:55:14.0970 5084 pcmcia - ok
12:55:14.0970 5084 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:55:14.0970 5084 pcw - ok
12:55:14.0985 5084 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:55:14.0985 5084 PEAUTH - ok
12:55:15.0063 5084 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:55:15.0079 5084 PerfHost - ok
12:55:15.0110 5084 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:55:15.0110 5084 pla - ok
12:55:15.0157 5084 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:55:15.0173 5084 PlugPlay - ok
12:55:15.0188 5084 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:55:15.0204 5084 PNRPAutoReg - ok
12:55:15.0204 5084 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:55:15.0204 5084 PNRPsvc - ok
12:55:15.0219 5084 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:55:15.0235 5084 PolicyAgent - ok
12:55:15.0297 5084 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll
12:55:15.0297 5084 Power - ok
12:55:15.0329 5084 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:55:15.0329 5084 PptpMiniport - ok
12:55:15.0329 5084 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
12:55:15.0329 5084 Processor - ok
12:55:15.0375 5084 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
12:55:15.0375 5084 ProfSvc - ok
12:55:15.0375 5084 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:55:15.0375 5084 ProtectedStorage - ok
12:55:15.0407 5084 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:55:15.0407 5084 Psched - ok
12:55:15.0438 5084 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
12:55:15.0453 5084 ql2300 - ok
12:55:15.0453 5084 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
12:55:15.0453 5084 ql40xx - ok
12:55:15.0469 5084 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:55:15.0469 5084 QWAVE - ok
12:55:15.0485 5084 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:55:15.0485 5084 QWAVEdrv - ok
12:55:15.0485 5084 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:55:15.0485 5084 RasAcd - ok
12:55:15.0516 5084 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:55:15.0516 5084 RasAgileVpn - ok
12:55:15.0516 5084 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:55:15.0531 5084 RasAuto - ok
12:55:15.0531 5084 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:55:15.0531 5084 Rasl2tp - ok
12:55:15.0547 5084 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:55:15.0547 5084 RasMan - ok
12:55:15.0547 5084 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:55:15.0547 5084 RasPppoe - ok
12:55:15.0563 5084 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:55:15.0563 5084 RasSstp - ok
12:55:15.0578 5084 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:55:15.0578 5084 rdbss - ok
12:55:15.0594 5084 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
12:55:15.0594 5084 rdpbus - ok
12:55:15.0609 5084 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:55:15.0609 5084 RDPCDD - ok
12:55:15.0625 5084 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:55:15.0625 5084 RDPENCDD - ok
12:55:15.0641 5084 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:55:15.0641 5084 RDPREFMP - ok
12:55:15.0656 5084 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:55:15.0656 5084 RDPWD - ok
12:55:15.0672 5084 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:55:15.0672 5084 rdyboost - ok
12:55:15.0687 5084 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:55:15.0687 5084 RemoteAccess - ok
12:55:15.0687 5084 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:55:15.0703 5084 RemoteRegistry - ok
12:55:15.0734 5084 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
12:55:15.0734 5084 RFCOMM - ok
12:55:15.0750 5084 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:55:15.0765 5084 RpcEptMapper - ok
12:55:15.0765 5084 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:55:15.0765 5084 RpcLocator - ok
12:55:15.0797 5084 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
12:55:15.0797 5084 RpcSs - ok
12:55:15.0812 5084 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:55:15.0812 5084 rspndr - ok
12:55:15.0843 5084 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
12:55:15.0859 5084 RTL8167 - ok
12:55:15.0859 5084 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:55:15.0859 5084 SamSs - ok
12:55:15.0875 5084 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:55:15.0875 5084 sbp2port - ok
12:55:15.0906 5084 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:55:15.0906 5084 SCardSvr - ok
12:55:15.0921 5084 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:55:15.0921 5084 scfilter - ok
12:55:15.0937 5084 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:55:15.0937 5084 Schedule - ok
12:55:15.0968 5084 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:55:15.0968 5084 SCPolicySvc - ok
12:55:15.0968 5084 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:55:15.0968 5084 SDRSVC - ok
12:55:15.0999 5084 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:55:15.0999 5084 secdrv - ok
12:55:16.0015 5084 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:55:16.0015 5084 seclogon - ok
12:55:16.0015 5084 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:55:16.0015 5084 SENS - ok
12:55:16.0031 5084 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:55:16.0031 5084 SensrSvc - ok
12:55:16.0046 5084 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
12:55:16.0046 5084 Serenum - ok
12:55:16.0046 5084 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
12:55:16.0046 5084 Serial - ok
12:55:16.0046 5084 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
12:55:16.0046 5084 sermouse - ok
12:55:16.0062 5084 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:55:16.0062 5084 SessionEnv - ok
12:55:16.0062 5084 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:55:16.0077 5084 sffdisk - ok
12:55:16.0077 5084 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:55:16.0077 5084 sffp_mmc - ok
12:55:16.0077 5084 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:55:16.0077 5084 sffp_sd - ok
12:55:16.0077 5084 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
12:55:16.0077 5084 sfloppy - ok
12:55:16.0140 5084 [ 4215C271D6E6898C3F4DABAB4F387DC9 ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:55:16.0155 5084 SftService - ok
12:55:16.0171 5084 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:55:16.0171 5084 SharedAccess - ok
12:55:16.0187 5084 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:55:16.0187 5084 ShellHWDetection - ok
12:55:16.0187 5084 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
12:55:16.0202 5084 SiSRaid2 - ok
12:55:16.0202 5084 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
12:55:16.0202 5084 SiSRaid4 - ok
12:55:16.0249 5084 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
12:55:16.0249 5084 SkypeUpdate - ok
12:55:16.0265 5084 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:55:16.0265 5084 Smb - ok
12:55:16.0280 5084 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:55:16.0280 5084 SNMPTRAP - ok
12:55:16.0296 5084 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:55:16.0296 5084 spldr - ok
12:55:16.0327 5084 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
12:55:16.0343 5084 Spooler - ok
12:55:16.0374 5084 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:55:16.0421 5084 sppsvc - ok
12:55:16.0436 5084 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:55:16.0436 5084 sppuinotify - ok
12:55:16.0467 5084 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:55:16.0467 5084 srv - ok
12:55:16.0483 5084 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:55:16.0483 5084 srv2 - ok
12:55:16.0499 5084 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:55:16.0499 5084 srvnet - ok
12:55:16.0530 5084 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:55:16.0530 5084 SSDPSRV - ok
12:55:16.0545 5084 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:55:16.0545 5084 SstpSvc - ok
12:55:16.0561 5084 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
12:55:16.0561 5084 stexstor - ok
12:55:16.0592 5084 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:55:16.0592 5084 stisvc - ok
12:55:16.0608 5084 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
12:55:16.0608 5084 swenum - ok
12:55:16.0639 5084 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:55:16.0639 5084 swprv - ok
12:55:16.0670 5084 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:55:16.0686 5084 SysMain - ok
12:55:16.0701 5084 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:55:16.0701 5084 TabletInputService - ok
12:55:18.0651 5084 ================ Scan global ===============================
12:55:18.0667 5084 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:55:18.0683 5084 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:55:18.0683 5084 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
12:55:18.0698 5084 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:55:18.0714 5084 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:55:18.0714 5084 [Global] - ok
12:55:18.0714 5084 ================ Scan MBR ==================================
12:55:18.0714 5084 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
12:55:18.0714 5084 Suspicious mbr (Forged): \Device\Harddisk0\DR0
12:55:18.0776 5084 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
12:55:18.0776 5084 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
12:55:18.0776 5084 ================ Scan VBR ==================================
12:55:18.0776 5084 [ CECDAF42A18B14FB150B204928411B82 ] \Device\Harddisk0\DR0\Partition1
12:55:18.0776 5084 \Device\Harddisk0\DR0\Partition1 - ok
12:55:18.0792 5084 [ C01FD5C53B3A1CC1B4DE6E365DBB0AE7 ] \Device\Harddisk0\DR0\Partition2
12:55:18.0792 5084 \Device\Harddisk0\DR0\Partition2 - ok
12:55:18.0792 5084 ============================================================
12:55:18.0792 5084 Scan finished
12:55:18.0792 5084 ============================================================
12:55:18.0792 4868 Detected object count: 1
12:55:18.0792 4868 Actual detected object count: 1
12:56:25.0217 4868 \Device\Harddisk0\DR0\# - copied to quarantine
12:56:25.0217 4868 \Device\Harddisk0\DR0 - copied to quarantine
12:56:25.0248 4868 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
12:56:25.0248 4868 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
12:56:25.0263 4868 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
12:56:25.0279 4868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
12:56:25.0279 4868 \Device\Harddisk0\DR0 - ok
12:56:25.0310 4868 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
12:56:31.0254 3400 Deinitialize success

Next one:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 12:59:09
-----------------------------
12:59:09.213 OS Version: Windows x64 6.1.7601 Service Pack 1
12:59:09.213 Number of processors: 8 586 0x3A09
12:59:09.213 ComputerName: CHANCEY03 UserName: Dan
12:59:10.227 Initialize success
13:00:01.692 AVAST engine defs: 12120300
13:01:24.419 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:01:24.419 Disk 0 Vendor: WDC_WD10 19.0 Size: 953869MB BusType: 3
13:01:24.434 Disk 0 MBR read successfully
13:01:24.434 Disk 0 MBR scan
13:01:24.434 Disk 0 Windows VISTA default MBR code
13:01:24.434 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
13:01:24.450 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 26880 MB offset 81920
13:01:24.450 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 926948 MB offset 55132160
13:01:24.466 Disk 0 scanning C:\Windows\system32\drivers
13:01:29.161 Service scanning
13:01:39.176 Modules scanning
13:01:39.176 Disk 0 trace - called modules:
13:01:39.192 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:01:39.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009a8e060]
13:01:39.192 3 CLASSPNP.SYS[fffff88001c0143f] -> nt!IofCallDriver -> [0xfffffa800713e910]
13:01:39.192 5 ACPI.sys[fffff88000fa37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007141050]
13:01:40.674 AVAST engine scan C:\Windows
13:01:42.702 AVAST engine scan C:\Windows\system32
13:03:07.083 AVAST engine scan C:\Windows\system32\drivers
13:03:13.120 AVAST engine scan C:\Users\Dan
13:03:48.033 AVAST engine scan C:\ProgramData
13:04:15.879 Scan finished successfully
13:04:58.654 Disk 0 MBR has been saved successfully to "C:\Users\Dan\Downloads\MBR.dat"
13:04:58.670 The log file has been saved successfully to "C:\Users\Dan\Downloads\aswMBR.txt"


Thanks,
chillndan

#9
gringo_pr


    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10
chillndan


    Member

  • Topic Starter
  • Member
  • 19 posts
Report from Combofix:

ComboFix 12-12-02.01 - Dan 12/03/2012 17:00:38.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8155.6785 [GMT -5:00]
Running from: c:\users\Dan\Downloads\ComboFix.exe
Command switches used :: c:\users\Dan\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dan\AppData\Local\Temp\{B1D0DC5F-9F6D-4A06-BA57-0D6FA8079AF6}\fpb.tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-03 to 2012-12-03 )))))))))))))))))))))))))))))))
.
.
2012-12-03 22:03 . 2012-12-03 22:03 -------- d-----w- c:\users\Sue\AppData\Local\temp
2012-12-03 22:03 . 2012-12-03 22:03 -------- d-----w- c:\users\Kaelin\AppData\Local\temp
2012-12-03 22:03 . 2012-12-03 22:03 -------- d-----w- c:\users\Hallie\AppData\Local\temp
2012-12-03 22:03 . 2012-12-03 22:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-03 22:03 . 2012-12-03 22:03 -------- d-----w- c:\users\Dani\AppData\Local\temp
2012-12-03 17:56 . 2012-12-03 17:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-29 02:58 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-29 02:58 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-29 02:58 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-29 02:58 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-29 02:54 . 2012-10-08 12:19 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-29 02:54 . 2012-10-08 11:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-29 02:54 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-29 02:54 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-29 02:54 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-29 02:54 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-29 02:54 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-29 02:54 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-29 02:54 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-28 21:19 . 2012-11-28 21:19 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Malwarebytes
2012-11-28 00:49 . 2012-11-28 00:49 -------- d-----w- c:\users\Dan\AppData\Local\CrashDumps
2012-11-28 00:05 . 2012-12-03 14:38 -------- d-----w- c:\users\Dan\AppData\Local\ElevatedDiagnostics
2012-11-27 11:01 . 2012-12-03 12:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-27 11:00 . 2012-11-27 11:00 -------- d-----w- c:\users\Dan\AppData\Local\Programs
2012-11-27 01:43 . 2012-11-27 01:43 -------- d-----w- c:\users\Dan\AppData\Roaming\Malwarebytes
2012-11-27 01:43 . 2010-01-07 21:07 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-11-27 01:43 . 2012-11-27 01:43 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-27 01:43 . 2012-11-27 01:43 -------- d-----w- c:\programdata\Malwarebytes
2012-11-27 01:43 . 2010-01-07 21:07 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-20 01:10 . 2012-11-20 01:10 -------- d-----w- c:\program files\Common Files\logishrd
2012-11-20 01:10 . 2012-11-20 01:10 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-11-20 00:35 . 2012-11-20 00:35 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Puem
2012-11-20 00:35 . 2012-11-20 00:35 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Omuhc
2012-11-19 21:09 . 2012-11-19 21:10 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Odcy
2012-11-19 21:09 . 2012-11-19 21:09 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Xaes
2012-11-19 21:07 . 2012-11-19 21:08 -------- d-----w- c:\users\Kaelin\AppData\Roaming\Otbade
2012-11-18 20:02 . 2012-11-18 20:17 -------- d-----w- c:\users\Dan\AppData\Roaming\Yznoe
2012-11-18 20:02 . 2012-11-18 20:02 -------- d-----w- c:\windows\Sun
2012-11-13 23:55 . 2012-11-13 23:55 -------- d-----w- c:\users\Sue\AppData\Roaming\ICAClient
2012-11-13 23:55 . 2012-11-13 23:55 -------- d-----w- c:\users\Sue\AppData\Local\Citrix
2012-11-13 00:54 . 2012-11-15 23:34 -------- d-----w- c:\users\Kaelin\AppData\Local\CrashDumps
2012-11-13 00:54 . 2012-11-13 00:54 -------- d-----w- c:\users\Kaelin\AppData\Local\Adobe
2012-11-11 23:11 . 2012-11-11 23:11 -------- d-----w- c:\users\Dani\AppData\Local\Apple Computer
2012-11-11 23:10 . 2012-11-11 23:10 -------- d-----w- c:\users\Dani\AppData\Roaming\ICAClient
2012-11-11 23:10 . 2012-11-11 23:10 -------- d-----w- c:\users\Dani\AppData\Local\Citrix
2012-11-07 20:47 . 2012-11-07 20:47 -------- d-----w- c:\users\Kaelin\AppData\Roaming\ICAClient
2012-11-07 20:47 . 2012-11-07 20:47 -------- d-----w- c:\users\Kaelin\AppData\Local\Citrix
2012-11-07 20:46 . 2012-11-07 20:46 -------- d-----w- c:\users\Hallie\AppData\Roaming\ICAClient
2012-11-07 20:42 . 2012-11-07 20:42 -------- d-----w- c:\users\Hallie\AppData\Local\Citrix
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\users\Dan\AppData\Roaming\ICAClient
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\programdata\Citrix
2012-11-07 11:53 . 2012-11-20 03:45 -------- d-----w- c:\program files (x86)\Common Files\Citrix
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\users\Dan\AppData\Local\Citrix
2012-11-07 11:53 . 2012-11-07 11:53 -------- d-----w- c:\program files (x86)\Citrix
2012-11-07 11:49 . 2012-11-07 11:49 -------- d-----w- c:\users\Dan\AppData\Roaming\Apple Computer
2012-11-06 00:17 . 2012-11-06 00:20 -------- d-----w- c:\users\Sue\AppData\Local\CrashDumps
2012-11-04 13:57 . 2012-11-04 13:57 -------- d-----w- c:\users\Sue\AppData\Roaming\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2012-11-28 02:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 02:18 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 02:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-13 10:08 . 2012-10-13 10:08 8537680 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-10-05 23:44 . 2012-10-05 23:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-05 23:44 . 2012-10-05 23:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-10-05 23:44 . 2012-10-05 23:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-23 16:24 . 2010-06-24 16:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-14 19:19 . 2012-10-10 23:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 23:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 07:39 . 2012-09-07 07:39 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-09-07 07:39 . 2012-09-07 07:39 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-09-07 07:39 . 2012-09-07 07:39 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-09-07 07:39 . 2012-09-07 07:39 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-09-07 07:39 . 2012-09-07 07:39 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-09-07 07:39 . 2012-09-07 07:39 491520 ----a-w- c:\windows\system32\mssph.dll
2012-09-07 07:39 . 2012-09-07 07:39 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-09-07 07:39 . 2012-09-07 07:39 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-09-07 07:39 . 2012-09-07 07:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-09-07 07:39 . 2012-09-07 07:39 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-09-07 07:39 . 2012-09-07 07:39 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-09-07 07:39 . 2012-09-07 07:39 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-09-07 07:39 . 2012-09-07 07:39 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-09-07 07:39 . 2012-09-07 07:39 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-09-07 07:39 . 2012-09-07 07:39 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-09-07 07:39 . 2012-09-07 07:39 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-09-07 07:39 . 2012-09-07 07:39 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-09-07 07:39 . 2012-09-07 07:39 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-09-07 07:39 . 2012-09-07 07:39 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-09-07 07:39 . 2012-09-07 07:39 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-09-07 07:39 . 2012-09-07 07:39 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-09-07 07:39 . 2012-09-07 07:39 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-09-07 07:39 . 2012-09-07 07:39 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2012-09-07 07:39 . 2012-09-07 07:39 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-09-07 07:39 . 2012-09-07 07:39 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-09-07 07:39 . 2012-09-07 07:39 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-09-07 07:39 . 2012-09-07 07:39 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-09-07 07:39 . 2012-09-07 07:39 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-09-07 07:39 . 2012-09-07 07:39 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-09-07 07:39 . 2012-09-07 07:39 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-09-07 07:39 . 2012-09-07 07:39 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-09-07 07:39 . 2012-09-07 07:39 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-09-07 07:39 . 2012-09-07 07:39 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-09-07 07:39 . 2012-09-07 07:39 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-07 07:39 . 2012-09-07 07:39 77312 ----a-w- c:\windows\system32\packager.dll
2012-09-07 07:39 . 2012-09-07 07:39 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-07 07:39 . 2012-09-07 07:39 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-09-07 07:39 . 2012-09-07 07:39 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-09-07 07:39 . 2012-09-07 07:39 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-09-07 07:39 . 2012-09-07 07:39 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-09-07 07:39 . 2012-09-07 07:39 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-09-07 07:39 . 2012-09-07 07:39 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-09-07 07:39 . 2012-09-07 07:39 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-09-07 07:39 . 2012-09-07 07:39 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-09-07 07:39 . 2012-09-07 07:39 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-09-07 07:39 . 2012-09-07 07:39 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-09-07 07:39 . 2012-09-07 07:39 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-09-07 07:39 . 2012-09-07 07:39 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-09-07 07:39 . 2012-09-07 07:39 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-09-07 07:39 . 2012-09-07 07:39 2871808 ----a-w- c:\windows\explorer.exe
2012-09-07 07:39 . 2012-09-07 07:39 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-09-07 07:39 . 2012-09-07 07:39 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-09-07 07:39 . 2012-09-07 07:39 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-09-07 07:39 . 2012-09-07 07:39 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-09-07 07:39 . 2012-09-07 07:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-09-07 07:39 . 2012-09-07 07:39 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-07 07:39 . 2012-09-07 07:39 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-09-07 07:39 . 2012-09-07 07:39 3216384 ----a-w- c:\windows\system32\msi.dll
2012-09-07 07:39 . 2012-09-07 07:39 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-09-07 07:39 . 2012-09-07 07:39 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-09-07 07:39 . 2012-09-07 07:39 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-09-07 07:39 . 2012-09-07 07:39 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-09-07 07:39 . 2012-09-07 07:39 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-09-07 07:39 . 2012-09-07 07:39 5120 ----a-w- c:\windows\system32\wmi.dll
2012-09-07 07:39 . 2012-09-07 07:39 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-09-07 07:39 . 2012-09-07 07:39 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-09-07 07:39 . 2012-09-07 07:39 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-09-07 07:39 . 2012-09-07 07:39 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-09-07 07:39 . 2012-09-07 07:39 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-09-07 07:39 . 2012-09-07 07:39 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-09-07 07:39 . 2012-09-07 07:39 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-09-07 07:39 . 2012-09-07 07:39 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-09-07 07:39 . 2012-09-07 07:39 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-09-07 07:39 . 2012-09-07 07:39 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2012-09-07 07:39 . 2012-09-07 07:39 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-09-07 07:39 . 2012-09-07 07:39 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2012-09-07 07:39 . 2012-09-07 07:39 1118720 ----a-w- c:\windows\system32\sbe.dll
2012-09-07 07:39 . 2012-09-07 07:39 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-09-07 07:39 . 2012-09-07 07:39 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-09-07 07:39 . 2012-09-07 07:39 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-09-07 07:39 . 2012-09-07 07:39 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-09-07 07:39 . 2012-09-07 07:39 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-09-07 07:39 . 2012-09-07 07:39 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-09-07 07:39 . 2012-09-07 07:39 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-09-07 07:39 . 2012-09-07 07:39 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-09-07 07:39 . 2012-09-07 07:39 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-09-07 07:39 . 2012-09-07 07:39 106496 ----a-w- c:\windows\system32\odbccu32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files (x86)\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2011-12-22 362432]
"Malwarebytes Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
.
c:\users\Kaelin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
2;2 UNS;Intel® Management and Security Application User Notification Service [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-25 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-27 16152]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2011-06-29 91864]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [2011-12-29 106144]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-01-11 627936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-05-25 162224]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [2011-12-27 76960]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-12-29 36000]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-10-18 93712]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-12-29 338592]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-12-29 110752]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-12-29 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-12-29 167584]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-12-29 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-12-29 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-12-29 548000]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-27 356120]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-27 787736]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-24 648808]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-07 05:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-41371798.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-12-03 17:07:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-03 22:07
ComboFix2.txt 2012-12-03 13:33
.
Pre-Run: 905,115,090,944 bytes free
Post-Run: 905,145,069,568 bytes free
.
- - End Of File - - BEFA6D2A02ED15BA88E2BE1AAD58C885

I did receive the error "Illegal operation attempted on a registry key that has been marked for deletion." I restarted the computer.
No other problems.

The computer seems to be running fine.

Thanks,
chillndan


#11
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo

#12
chillndan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
OK, here it is:

Adobe Flash Player 11 ActiveX
Adobe Reader X MUI
Apple Application Support
Apple Software Update
Bing Bar
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell WLAN and Bluetooth Client Installation
eBay
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Multimedia Card Reader
Online Plug-in
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Self-service Plug-in
Skype™ 5.10
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

Thanks,
chillndan

#13
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Bing Bar
Java 7 Update 7


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#14
chillndan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Log from MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

12/4/2012 8:54:41 PM
mbam-log-2012-12-04 (20-54-41).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|J:\|K:\|)
Objects scanned: 273965
Time elapsed: 17 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Report from HiJack this:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:55:58 PM, on 12/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
C:\Users\Dan\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120923174349.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: FrostWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 15615 bytes

When trying to check for updates for Malwarebytes' Anti-Malware, I got an error, "Error Code 732." Tried multiple times and received error each time.

Computer seems to be running fine.

Thanks,
chillndan

#15
gringo_pr

Uninstall Malwarebytes

  • Click on the Start button and select Control Panel
  • Click on Programs and Features
  • Uninstall Malwarebytes' Anti-Malware
  • Restart your computer (very important)
  • Download and run mbam-clean.exe from here
  • It will ask to restart your computer; please allow it to do so (very important)
  • After the computer restarts, temporarily disable your Anti-Virus and install the latest version of Malwarebytes' Anti-Malware from here
  • Note: You will need to reactivate the program using the license you were sent via email if using the Pro version
  • Launch the program and set the Protection and Registration. Then go to the UPDATE tab if not done during installation and check for updates.
    Restart the computer again and verify that MBAM is in the task tray if using the Pro version. Now set up any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications. You may use the guides posted in the FAQs here or post to ask and we'll explain how to do it.
