Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Microsoft Scam - hacked


  • Please log in to reply

#1
Hangdown99

Hangdown99

    Member

  • Member
  • PipPip
  • 14 posts
We have reason to believe our coputer was compromised and may have an undetectable virus that could result in identity theft. My wife received a phone call from a person claiming to be with Microsoft. He told her our computer had viruses and we needed to purchase new software. She asked him to confirm he worked for MS and he told her he had our computer license ID and showed her where to locate the number on our computer. He recalled the number verbatim. He ask her to go to a website and she allowed him to remote into our computer. He was not on for long. When she told me what happened we called our cable provider and they gave us the number to Microsoft. Microsoft confirmed it was a scam.

I have been advised of what to do by various people. In terms of the computer, I have been told everything from reinstall Windows to buy a new computer. I have also been told that reinstalling Windows will not ensure 100% security. The latest thing I was told is to download and run DBan and then reinstall Windows. In addition, I have bought a new router and set up new passwords and am not broadcasting the SSID.

I need to know with 100% guarantee that my computer is clean. If I can never be assured of that then I will dump it and buy a new one. Please let me know if there is anything I can do salvage my computer.
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
If you have the windows disk then reinstall windows but have it remove the partitions first.

or you could just let us look at it:

Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp 
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#3
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL Extras logfile created on: 12/15/2012 9:21:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sdryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 69.03% Memory free
11.61 Gb Paging File | 8.84 Gb Available in Paging File | 76.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 353.99 Gb Free Space | 78.49% Space Free | Partition Type: NTFS

Computer Name: LOCKHART | User Name: sdryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FEFD52C-432A-429F-B5C6-59BAF261B3E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{126638A0-A89F-46CA-A3A0-7B7975712A66}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{191CF9C1-6421-439E-96AF-B1E680965D0C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A4D9A2D-8ADF-463C-8FE2-3E94AB30BD50}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{35F8A077-B94D-4D6B-BAAA-C0F4AF5395EB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{418F1354-59E0-490C-A8BF-743D63D3B914}" = lport=137 | protocol=17 | dir=in | app=system |
"{47B12787-FB44-4DD6-9363-F5393491327F}" = rport=445 | protocol=6 | dir=out | app=system |
"{4DCF786F-5A1F-4035-8585-F6F3ECBD7C86}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5F2524DE-044E-42FA-90FC-1D7AAB9582AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{60AA052B-FAD4-4BD7-9B6C-3D36A53C6A81}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{61E9E781-6514-4231-AEA9-D117C34D47CC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{67C96805-033D-45F2-A913-AF69F36EAF6F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73A8C30B-6C41-447A-8787-DB9F6F3CC4C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{78C8F852-50E4-42BE-9326-305D8EC22FCB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D85E7CB-46A8-43B1-9ADA-8084AD93FEEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9335E29F-E666-49F9-87FF-4343059EA177}" = rport=139 | protocol=6 | dir=out | app=system |
"{94F91B87-CB79-4751-9AA3-0B181AD17DE1}" = rport=138 | protocol=17 | dir=out | app=system |
"{986E9FCF-9CA3-48BE-B327-66929E181729}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DAAB45E-C0AB-42B4-B06B-02BAAD0DF934}" = lport=139 | protocol=6 | dir=in | app=system |
"{A2790CE4-B546-4E8F-8B3E-B00284FB5086}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A7214E24-463D-4502-9A0A-2974427F806E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9481AFC-91D1-4A77-A0CB-37F191AECCBD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C1EE4180-4FBA-4C2B-9FED-ABEF51D8A336}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C92A0934-97C7-48B6-AA8C-39BEE8B580CB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{CE4D6FB3-9D95-4DBB-A873-8EDFD33D7915}" = rport=137 | protocol=17 | dir=out | app=system |
"{DED2FCDF-A9A7-4B7C-B7C8-3F907B7BC4C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E34934D1-EAAA-42DD-A290-DC7D5DB8BE7E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4BBDEA7-EF80-429E-B6B4-167ECFA9384E}" = lport=445 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01172B82-26B3-4306-95BD-6C0C24617259}" = protocol=58 | dir=out | [email protected],-503 |
"{055507B2-805A-4DBB-BB20-9774A88AEDE5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0624127A-23B9-4238-B33B-00C93A2C8D2D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{0BB68886-8876-4715-BE62-9AE15F0CB9AE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0E8AEBBB-F3DD-4B2E-A25B-4784D849EAB3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{10832DD9-F462-43AB-BDFC-CA4B858D404B}" = protocol=1 | dir=out | [email protected],-28544 |
"{1928DBE5-22E8-42EE-9D5E-70F7615F1449}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{197D705F-8FE8-4C5B-A189-2F0832CC505C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1BD0E5EF-64ED-4E59-A5CE-BADFA624D558}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1D64F67E-C8CF-4DED-B85E-32436B680286}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{288797BC-348D-4C87-96FA-C6017ED4251B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{396E3C19-07D6-4A5C-ADF2-1EF8D26BAC95}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4A9D0C31-5DEE-4623-87DD-355789467A66}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{65A13182-9C62-49D2-A47C-DF9E66977559}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6B0A5B51-DDC0-4A54-B9CF-106B2F4FB91A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C1C46ED-7C0C-4B41-ABE1-0AA326215ED0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{700C6F01-FA08-47A5-B0E9-06CBAEBCF505}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7AE76143-E95C-4863-86E7-781A45FA8851}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7DF4CC88-9BBC-46F5-B28C-17883F27F1D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80562819-3F5A-412A-B2E3-14D10FCD94D6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{938AC743-C0E4-4B19-B02C-733FF9A8089A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A023FE3B-7C9B-40DC-8750-93C578D9242D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A4116F92-58AE-441B-8FFC-5AD5135CAEFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A7AF983D-8EDE-4B62-BA9B-9610A6EACF75}" = protocol=58 | dir=out | [email protected],-28546 |
"{B25C0DA6-A118-4222-AC52-894DBD120F9A}" = protocol=1 | dir=in | [email protected],-28543 |
"{B49B6184-D735-445A-A42F-A064B799C046}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B8BF097B-C0D3-4C6B-BC01-32E467DCA802}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BCAB30FB-6807-4ED7-B774-69C362DC84F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD12094B-B4B5-4C6F-991E-B285B8818EB8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C68D89A4-DC30-402E-96EF-F23E6C820719}" = protocol=6 | dir=out | app=system |
"{CAADFB6E-6A68-42BF-BB5E-26DCF871526F}" = protocol=58 | dir=in | app=system |
"{CF6772D3-8E6A-4D66-BF63-F63B0D8870B8}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D3E08E4D-E711-4E5D-9379-91E08FC73D0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D505D7A8-4415-4347-9C6A-800334C7E066}" = protocol=58 | dir=in | [email protected],-28545 |
"{D91C5986-7420-4AAD-9905-4E033409705C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DA000EE8-F089-42B8-8866-9204149AE63C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E0FD63ED-16DA-42D8-9244-CFF1AD9733D9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E6B1EFB3-EE05-469E-9CB4-81F33D057033}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDD44E3B-6373-428B-9EAC-922BDB0C7C26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F82466AD-7108-47B3-B814-8C03DB289EBB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAF125A5-E573-4E32-ABDE-775FB5577099}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Cisco Connect" = Cisco Connect
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Funnix Demo" = Funnix Demo
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"MSC" = McAfee SecurityCenter
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RealPlayer 12.0" = RealPlayer
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/4/2012 9:00:46 PM | Computer Name = lockhart | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
took longer than 90000 ms to complete a request. The process will be terminated.
Thread
id : 2632 (0xa48) Thread address : 0x000000007799135A Thread message : Build VSCORE.15.1.0.461
/ 5500.1093 Object being scanned = \Device\HarddiskVolume3\Windows\SysWOW64\en-US\mprmsg.dll.mui

by C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 4(0)(0) 4(0)(0)

7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 12/4/2012 9:32:01 PM | Computer Name = lockhart | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 12/4/2012 9:33:09 PM | Computer Name = lockhart | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 12/5/2012 10:14:02 AM | Computer Name = lockhart | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 12/7/2012 8:58:41 AM | Computer Name = lockhart | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 12/8/2012 1:41:34 PM | Computer Name = lockhart | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 12/8/2012 4:02:53 PM | Computer Name = lockhart | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/8/2012 4:02:53 PM | Computer Name = lockhart | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7214687

Error - 12/8/2012 4:02:53 PM | Computer Name = lockhart | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7214687

Error - 12/15/2012 10:51:52 AM | Computer Name = lockhart | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: The
remote name could not be resolved: 'wsvcdell.backup.com' at System.Net.HttpWebRequest.GetRequestStream(TransportContext&
context) at System.Net.HttpWebRequest.GetRequestStream() at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters) at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 12/15/2012 11:14:30 AM | Computer Name = lockhart | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.69.0 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: dc4 Start Time:
01cddad63fe44fee Termination Time: 0 Application Path: C:\Users\sdryan\Desktop\OTL.exe

Report
Id:

[ Broadcom Wireless LAN Events ]
Error - 11/26/2012 8:00:17 AM | Computer Name = lockhart | Source = WLAN-Tray | ID = 0
Description = 06:00:14, Mon, Nov 26, 12 Error - Unable to gain access to user store


[ Dell Events ]
Error - 12/3/2010 9:53:56 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/5/2011 6:52:22 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/5/2011 6:52:22 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/5/2011 8:31:03 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/5/2011 8:31:03 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/12/2011 8:56:40 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 6/12/2011 8:56:40 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/10/2011 6:54:25 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/10/2011 6:54:25 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/19/2011 4:35:03 PM | Computer Name = lockhart | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 12/4/2012 8:56:15 PM | Computer Name = lockhart | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:54:58 PM on ?12/?4/?2012 was unexpected.

Error - 12/4/2012 8:57:33 PM | Computer Name = lockhart | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/4/2012 8:58:33 PM | Computer Name = lockhart | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.

Error - 12/4/2012 9:00:52 PM | Computer Name = lockhart | Source = Service Control Manager | ID = 7031
Description = The McAfee McShield service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 12/7/2012 9:52:27 AM | Computer Name = lockhart | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 12/8/2012 1:40:55 PM | Computer Name = lockhart | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/8/2012 1:41:25 PM | Computer Name = lockhart | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/8/2012 4:02:48 PM | Computer Name = lockhart | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 12/15/2012 10:51:19 AM | Computer Name = lockhart | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/15/2012 11:32:56 AM | Computer Name = lockhart | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).


< End of report >
  • 0

#4
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 12/15/2012 9:21:36 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sdryan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.01 Gb Available Physical Memory | 69.03% Memory free
11.61 Gb Paging File | 8.84 Gb Available in Paging File | 76.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 353.99 Gb Free Space | 78.49% Space Free | Partition Type: NTFS

Computer Name: LOCKHART | User Name: sdryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/15 09:02:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sdryan\Desktop\OTL.exe
PRC - [2012/11/14 15:56:04 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/17 14:04:55 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/10/27 14:28:31 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/06 11:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 11:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/12/29 13:19:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/14 16:36:50 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012/11/14 16:36:49 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f8a5720490e4b18a525e77a06117b045\IAStorUtil.ni.dll
MOD - [2012/11/14 16:36:33 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/14 15:51:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/14 15:51:23 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\cf840dca36a7b949696ce331d0532d3e\System.Web.Services.ni.dll
MOD - [2012/11/14 15:51:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/14 15:50:57 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/14 15:50:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/14 15:50:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/14 15:50:24 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\aa983d1ad8df4422c0859ab4d6e19a83\UIAutomationProvider.ni.dll
MOD - [2012/11/14 15:50:24 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll
MOD - [2012/11/14 15:50:23 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/14 15:50:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/14 15:50:05 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/14 15:50:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/14 15:49:59 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/14 15:49:27 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/08/18 09:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/10 16:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/07/17 13:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 13:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 13:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/06/17 23:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/03 00:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 04:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/11/14 15:56:05 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 09:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/21 23:00:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/17 13:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 13:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 13:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 13:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 13:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 13:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 13:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/04/20 15:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/17 23:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/30 13:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 13:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/03/30 13:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/30 13:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/03/30 13:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/17 15:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 15:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 15:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/26 18:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 08:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/02/03 00:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 00:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 00:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=WLEM
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...98-1CD001781C90
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADSA_enUS437
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\sdryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 14:29:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/10/01 17:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012/10/02 14:03:10 | 000,000,000 | ---D | M]

[2011/05/04 17:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sdryan\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\sdryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\sdryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120712163456.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120712163457.dll (McAfee, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_110_ActiveX.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\sdryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B1A662F-B86D-4EF9-9037-C1DFF4EC1D4B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/12/15 09:02:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sdryan\Desktop\OTL.exe
[2012/12/15 08:55:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/12/15 08:52:07 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{1C703839-D7C4-412D-90E4-4643BE1A604F}
[2012/12/08 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{AAFD8889-64DD-4B16-82CF-38796DC979D1}
[2012/12/07 06:58:53 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{A1BB2048-BBE2-4CE2-AA4F-999D1A87BC8A}
[2012/12/05 08:14:16 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{ACCEFC47-352C-45BB-8D23-A7A28A46E4DB}
[2012/12/04 19:03:15 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{A8CD2E1E-0606-4D70-A8B7-9BC0B7A083ED}
[2012/12/04 15:18:06 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Roaming\Malwarebytes
[2012/12/04 15:17:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/04 15:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/04 15:17:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/04 15:17:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/04 06:25:55 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{DC1C7498-1ED8-4E76-998A-F41A4D999DC7}
[2012/12/03 17:58:28 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Roaming\TeamViewer
[2012/12/03 17:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AMMYY
[2012/12/03 15:08:27 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{674C7DE5-CF03-44D6-80D8-B7AAE681F4E9}
[2012/12/02 08:15:22 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{F5641A54-35AD-489D-8CF9-4676CC1EB24A}
[2012/12/01 07:04:31 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{7644810E-BF19-40F7-9F15-04F243D59219}
[2012/11/30 09:21:54 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{55C1DA8D-724D-4966-8FFE-DDB83D6FCCEE}
[2012/11/29 06:15:49 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{5764CA6E-96C7-4836-84FB-AE0072CE05E6}
[2012/11/28 15:14:42 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{51CEAD79-BA3D-4E86-B030-AAC2EC6986E9}
[2012/11/26 06:01:13 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{B27310BA-D2EF-4556-823F-5FA69B70408F}
[2012/11/21 19:47:02 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{46C08D9C-1E1C-42A3-B4F7-75B79D0678FA}
[2012/11/21 07:02:03 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{4D0C91B7-1614-4BD0-9529-632E83C8A935}
[2012/11/20 11:00:14 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{B96E6181-B72E-4A30-B8D1-3783EC2506E4}
[2012/11/16 07:49:45 | 000,000,000 | ---D | C] -- C:\Users\sdryan\AppData\Local\{DCF6FD6B-681D-40E3-958D-DF472659F8A6}

========== Files - Modified Within 30 Days ==========

[2012/12/15 09:08:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/15 09:03:49 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 09:03:49 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/15 09:02:42 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_sdryan.job
[2012/12/15 09:02:41 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerResumeInstall_sdryan.job
[2012/12/15 09:02:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sdryan\Desktop\OTL.exe
[2012/12/15 08:50:54 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/15 08:50:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/15 08:50:21 | 378,548,223 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/15 08:47:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/04 18:48:24 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/04 18:48:24 | 000,627,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/04 18:48:24 | 000,107,638 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/04 15:17:51 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/02 20:28:46 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2012/12/15 09:02:41 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstallLogin_sdryan.job
[2012/12/15 09:02:41 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerResumeInstall_sdryan.job
[2012/12/04 18:48:24 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/04 15:17:51 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/05/20 19:35:11 | 000,000,000 | ---- | C] () -- C:\Users\sdryan\AppData\Local\{5C0D588A-735C-4D6F-AFC3-94CD69A6993D}

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< >

< >

< >

< >

< >

========== Files - Unicode (All) ==========
[2011/06/17 06:27:53 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline??????????s???????????????????p?????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline祓瑳浥潒瑯䌽尺楗摮睯s䕔偍䌽尺獕牥屳摳祲湡䅜灰慄慴䱜捯污呜浥p䵔㵐㩃啜敳獲獜牤慹屮灁䑰瑡
[2011/06/17 06:27:53 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline??????????s???????????????????p?????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline祓瑳浥潒瑯䌽尺楗摮睯s䕔偍䌽尺獕牥屳摳祲湡䅜灰慄慴䱜捯污呜浥p䵔㵐㩃啜敳獲獜牤慹屮灁䑰瑡
[2011/02/19 09:28:08 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline??????s???????????????????p?????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline瑯䌽尺楗摮睯s䕔偍䌽尺獕牥屳摳祲湡䅜灰慄慴䱜捯污呜浥p䵔㵐㩃啜敳獲獜牤慹屮灁䑰瑡屡潌慣屬
[2011/02/19 09:28:08 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline??????s???????????????????p?????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline瑯䌽尺楗摮睯s䕔偍䌽尺獕牥屳摳祲湡䅜灰慄慴䱜捯污呜浥p䵔㵐㩃啜敳獲獜牤慹屮灁䑰瑡屡潌慣屬
[2011/02/10 07:23:12 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline㙷㬴㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓牡摥倀呁䕈员⸽佃㭍䔮䕘⸻䅂㭔䌮䑍⸻䉖㭓嘮䕂⸻半
[2011/02/10 07:23:12 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline㙷㬴㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓牡摥倀呁䕈员⸽佃㭍䔮䕘⸻䅂㭔䌮䑍⸻䉖㭓嘮䕂⸻半
[2011/01/21 19:35:48 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline敲獜獹潷㙷㬴㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓牡摥倀呁䕈员⸽佃㭍䔮䕘⸻䅂㭔䌮䑍⸻䉖㭓
[2011/01/21 19:35:48 | 000,000,000 | ---D | M](C:\Users\sdryan\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline敲獜獹潷㙷㬴㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓牡摥倀呁䕈员⸽佃㭍䔮䕘⸻䅂㭔䌮䑍⸻䉖㭓
(C:\Users\sdryan\AppData\Local\DataSafeOnline??????s???????????????????p?????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline瑯䌽尺楗摮睯s䕔偍䌽尺獕牥屳摳祲湡䅜灰慄慴䱜捯污呜浥p䵔㵐㩃啜敳獲獜牤慹屮灁䑰瑡屡潌慣屬
(C:\Users\sdryan\AppData\Local\DataSafeOnline??????????s???????????????????p?????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline祓瑳浥潒瑯䌽尺楗摮睯s䕔偍䌽尺獕牥屳摳祲湡䅜灰慄慴䱜捯污呜浥p䵔㵐㩃啜敳獲獜牤慹屮灁䑰瑡
(C:\Users\sdryan\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline㙷㬴㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓牡摥倀呁䕈员⸽佃㭍䔮䕘⸻䅂㭔䌮䑍⸻䉖㭓嘮䕂⸻半
(C:\Users\sdryan\AppData\Local\DataSafeOnline????????????????????????????????????????????) -- C:\Users\sdryan\AppData\Local\DataSafeOnline敲獜獹潷㙷㬴㩃停潲牧浡䘠汩獥⠠㡸⤶坜湩潤獷䰠癩履桓牡摥倀呁䕈员⸽佃㭍䔮䕘⸻䅂㭔䌮䑍⸻䉖㭓

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
I think Dell DataSafe is having a problem. Would be wise to uninstall it.

Also uninstall Java™ 6 Update 20 (64-bit) (obsolete - get the latest from Java.com using your 64-bit IE. Do not let them install foistware like the Ask toolbar, Yahoo Toolbar or McAfee Security Scan.)

the Ask Toolbar

and the Skype Toolbar. Adobe reader is obsolete and should be uninstalled and the latest version installed from adobe.com. Do not let them install foistware like the Ask toolbar, Yahoo Toolbar or McAfee Security Scan.

I don't really see any signs of malware but let's run through some scans and see if we find anything:



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Right click on TDSSKiller.exe and select Run As Administrator to start the program.

If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow

(When it finishes does it complain that it couldn't fix something? )



Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

This next scan will take a long time. I like to let it run while I sleep:

se IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


(multiple replies are OK. It might be easier to post each log as you get it.)
  • 0

#6
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
swMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-16 10:34:25
-----------------------------
10:34:25.674 OS Version: Windows x64 6.1.7601 Service Pack 1
10:34:25.674 Number of processors: 4 586 0x2505
10:34:25.674 ComputerName: LOCKHART UserName: sdryan
10:34:27.998 Initialize success
10:36:00.749 AVAST engine defs: 12121600
10:36:54.538 The log file has been saved successfully to "C:\Users\sdryan\Desktop\aswMBR.txt"
  • 0

#7
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
ComboFix 12-12-14.01 - sdryan 12/16/2012 11:01:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5943.4434 [GMT -6:00]
Running from: c:\users\sdryan\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0973DC18-0C0D-49C8-A322-2FDF7C4BC003}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{21433381-2091-4767-B354-45C3A759BA6A}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{75041143-3597-470F-A1C2-4290F8311D0C}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9048EECC-F01D-4EE1-9428-3B3046B1C116}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9C806D42-C615-468E-B115-E47A528C9706}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A5159826-855A-4446-A5ED-168245EF9190}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BC1CF819-6014-4889-918F-45AA5B1A6A0D}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C826AF85-DE62-46D9-B4A3-8A3D7DC3F1E0}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CA6E2D19-22D6-4A7D-AA6B-FFB1E597776B}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{CBFB895A-6E0A-401B-AADF-17ABC8FF499C}.xps
c:\users\sdryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\{DEB3BCCA-03A0-4428-B5D7-EE5F44355BA4}.xps
.
.
((((((((((((((((((((((((( Files Created from 2012-11-16 to 2012-12-16 )))))))))))))))))))))))))))))))
.
.
2012-12-16 17:48 . 2012-12-16 17:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-16 17:06 . 2012-12-16 17:06 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1209191B-1427-4500-812A-ACE64046E55F}\offreg.dll
2012-12-16 16:09 . 2012-12-16 16:09 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-16 16:08 . 2012-12-16 16:08 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-16 16:08 . 2012-12-16 16:08 -------- d-----w- c:\program files (x86)\Java
2012-12-15 15:37 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-15 15:37 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-15 15:36 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-15 15:36 . 2012-10-04 17:45 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-12-15 15:36 . 2012-10-04 17:41 424960 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-15 15:36 . 2012-10-04 17:41 1161216 ----a-w- c:\windows\system32\kernel32.dll
2012-12-15 15:36 . 2012-10-04 16:47 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-12-15 15:36 . 2012-10-04 15:21 338432 ----a-w- c:\windows\system32\conhost.exe
2012-12-15 15:33 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-15 15:33 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-15 15:31 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1209191B-1427-4500-812A-ACE64046E55F}\mpengine.dll
2012-12-04 21:18 . 2012-12-04 21:18 -------- d-----w- c:\users\sdryan\AppData\Roaming\Malwarebytes
2012-12-04 21:17 . 2012-12-04 21:17 -------- d-----w- c:\programdata\Malwarebytes
2012-12-04 21:17 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-04 21:17 . 2012-12-04 21:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-04 21:11 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-12-03 23:58 . 2012-12-03 23:58 -------- d-----w- c:\users\sdryan\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 16:41 . 2012-04-01 12:08 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-16 16:41 . 2011-05-16 11:26 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 16:08 . 2012-07-26 14:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-16 16:08 . 2012-07-26 14:11 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-16 15:51 . 2011-01-08 11:58 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-09 12:40 . 2010-01-05 23:04 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-11-09 12:37 . 2010-01-05 23:04 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2012-11-09 12:36 . 2010-10-22 05:07 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-11-09 12:36 . 2010-01-05 23:04 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-11-09 12:35 . 2010-01-05 23:04 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2012-11-09 12:34 . 2010-01-05 23:04 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-11-09 12:34 . 2010-01-05 23:04 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-11-09 12:33 . 2010-01-05 23:04 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2012-10-16 08:38 . 2012-11-27 21:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 21:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 21:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-13 21:24 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-13 21:24 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-13 21:24 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-13 21:24 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-15 15:35 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-13 21:24 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-13 21:24 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-13 21:24 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-13 21:24 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-13 21:24 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-13 21:24 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-13 21:24 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-13 21:24 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-13 21:24 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-13 21:24 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-13 21:24 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-13 21:23 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-13 21:23 95744 ----a-w- c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-20 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-10-27 273528]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\sdryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-9-20 30785672]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-11-09 106112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-11-09 339776]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-11-09 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-11-09 177680]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-11-09 69672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-11-09 515528]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 16:41]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 22:04]
.
2012-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 22:04]
.
2012-12-16 c:\windows\Tasks\ReclaimerUpdateFiles_sdryan.job
- c:\users\sdryan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-15 15:02]
.
2012-12-16 c:\windows\Tasks\ReclaimerUpdateXML_sdryan.job
- c:\users\sdryan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-15 15:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce-c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe - c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-16 12:08:18
ComboFix-quarantined-files.txt 2012-12-16 18:08
.
Pre-Run: 379,067,785,216 bytes free
Post-Run: 380,355,612,672 bytes free
.
- - End Of File - - A626CC967D235911E5E4120E59FCDD80
  • 0

#8
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
11:36:32.0462 5264 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:36:34.0474 5264 ============================================================
11:36:34.0474 5264 Current date / time: 2012/12/16 11:36:34.0474
11:36:34.0474 5264 SystemInfo:
11:36:34.0474 5264
11:36:34.0474 5264 OS Version: 6.1.7601 ServicePack: 1.0
11:36:34.0474 5264 Product type: Workstation
11:36:34.0474 5264 ComputerName: LOCKHART
11:36:34.0474 5264 UserName: sdryan
11:36:34.0474 5264 Windows directory: C:\Windows
11:36:34.0474 5264 System windows directory: C:\Windows
11:36:34.0474 5264 Running under WOW64
11:36:34.0474 5264 Processor architecture: Intel x64
11:36:34.0474 5264 Number of processors: 4
11:36:34.0474 5264 Page size: 0x1000
11:36:34.0474 5264 Boot type: Normal boot
11:36:34.0474 5264 ============================================================
11:36:35.0223 5264 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:36:35.0233 5264 ============================================================
11:36:35.0233 5264 \Device\Harddisk0\DR0:
11:36:35.0253 5264 MBR partitions:
11:36:35.0253 5264 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
11:36:35.0253 5264 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
11:36:35.0253 5264 ============================================================
11:36:35.0323 5264 C: <-> \Device\Harddisk0\DR0\Partition2
11:36:35.0323 5264 ============================================================
11:36:35.0333 5264 Initialize success
11:36:35.0333 5264 ============================================================
11:37:40.0740 4072 ============================================================
11:37:40.0740 4072 Scan started
11:37:40.0740 4072 Mode: Manual;
11:37:40.0740 4072 ============================================================
11:37:40.0990 4072 ================ Scan system memory ========================
11:37:40.0990 4072 System memory - ok
11:37:40.0990 4072 ================ Scan services =============================
11:37:41.0146 4072 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:37:41.0224 4072 1394ohci - ok
11:37:41.0286 4072 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:37:41.0286 4072 ACPI - ok
11:37:41.0348 4072 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:37:41.0411 4072 AcpiPmi - ok
11:37:41.0582 4072 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:37:41.0582 4072 AdobeFlashPlayerUpdateSvc - ok
11:37:41.0660 4072 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:37:41.0692 4072 adp94xx - ok
11:37:41.0723 4072 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:37:41.0738 4072 adpahci - ok
11:37:41.0770 4072 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:37:41.0785 4072 adpu320 - ok
11:37:41.0816 4072 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:37:41.0816 4072 AeLookupSvc - ok
11:37:41.0879 4072 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
11:37:41.0879 4072 AESTFilters - ok
11:37:41.0941 4072 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:37:42.0019 4072 AFD - ok
11:37:42.0066 4072 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:37:42.0066 4072 agp440 - ok
11:37:42.0097 4072 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:37:42.0097 4072 ALG - ok
11:37:42.0128 4072 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:37:42.0144 4072 aliide - ok
11:37:42.0144 4072 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:37:42.0144 4072 amdide - ok
11:37:42.0206 4072 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:37:42.0222 4072 AmdK8 - ok
11:37:42.0238 4072 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:37:42.0253 4072 AmdPPM - ok
11:37:42.0316 4072 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:37:42.0378 4072 amdsata - ok
11:37:42.0409 4072 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:37:42.0409 4072 amdsbs - ok
11:37:42.0440 4072 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:37:42.0487 4072 amdxata - ok
11:37:42.0534 4072 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:37:42.0596 4072 AppID - ok
11:37:42.0628 4072 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:37:42.0628 4072 AppIDSvc - ok
11:37:42.0674 4072 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:37:42.0674 4072 Appinfo - ok
11:37:42.0799 4072 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:37:42.0799 4072 Apple Mobile Device - ok
11:37:42.0862 4072 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:37:42.0877 4072 arc - ok
11:37:42.0893 4072 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:37:42.0893 4072 arcsas - ok
11:37:42.0924 4072 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:37:42.0924 4072 AsyncMac - ok
11:37:42.0971 4072 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:37:42.0971 4072 atapi - ok
11:37:43.0033 4072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:37:43.0049 4072 AudioEndpointBuilder - ok
11:37:43.0064 4072 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:37:43.0064 4072 AudioSrv - ok
11:37:43.0111 4072 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:37:43.0111 4072 AxInstSV - ok
11:37:43.0158 4072 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:37:43.0174 4072 b06bdrv - ok
11:37:43.0220 4072 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:37:43.0220 4072 b57nd60a - ok
11:37:43.0267 4072 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
11:37:43.0345 4072 BCM42RLY - ok
11:37:43.0454 4072 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
11:37:43.0470 4072 BCM43XX - ok
11:37:43.0532 4072 [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys
11:37:43.0595 4072 BcmVWL - ok
11:37:43.0642 4072 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:37:43.0642 4072 BDESVC - ok
11:37:43.0673 4072 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:37:43.0673 4072 Beep - ok
11:37:43.0751 4072 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:37:43.0766 4072 BFE - ok
11:37:43.0798 4072 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:37:43.0798 4072 BITS - ok
11:37:43.0829 4072 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:37:43.0844 4072 blbdrive - ok
11:37:43.0922 4072 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
11:37:43.0922 4072 Bonjour Service - ok
11:37:43.0969 4072 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:37:44.0032 4072 bowser - ok
11:37:44.0047 4072 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:37:44.0063 4072 BrFiltLo - ok
11:37:44.0078 4072 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:37:44.0078 4072 BrFiltUp - ok
11:37:44.0110 4072 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:37:44.0110 4072 BridgeMP - ok
11:37:44.0172 4072 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:37:44.0172 4072 Browser - ok
11:37:44.0213 4072 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:37:44.0223 4072 Brserid - ok
11:37:44.0233 4072 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:37:44.0243 4072 BrSerWdm - ok
11:37:44.0263 4072 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:37:44.0263 4072 BrUsbMdm - ok
11:37:44.0293 4072 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:37:44.0293 4072 BrUsbSer - ok
11:37:44.0353 4072 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
11:37:44.0353 4072 BthEnum - ok
11:37:44.0373 4072 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:37:44.0383 4072 BTHMODEM - ok
11:37:44.0413 4072 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
11:37:44.0413 4072 BthPan - ok
11:37:44.0453 4072 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
11:37:44.0513 4072 BTHPORT - ok
11:37:44.0543 4072 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:37:44.0553 4072 bthserv - ok
11:37:44.0563 4072 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
11:37:44.0623 4072 BTHUSB - ok
11:37:44.0653 4072 [ D3466F77C2C49C6E393BA5FBA963A33E ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
11:37:44.0713 4072 btusbflt - ok
11:37:44.0733 4072 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
11:37:44.0783 4072 btwaudio - ok
11:37:44.0813 4072 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
11:37:44.0863 4072 btwavdt - ok
11:37:44.0923 4072 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:37:44.0933 4072 btwdins - ok
11:37:44.0943 4072 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
11:37:44.0993 4072 btwl2cap - ok
11:37:45.0003 4072 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
11:37:45.0053 4072 btwrchid - ok
11:37:45.0093 4072 catchme - ok
11:37:45.0123 4072 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:37:45.0133 4072 cdfs - ok
11:37:45.0183 4072 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
11:37:45.0253 4072 cdrom - ok
11:37:45.0283 4072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:37:45.0293 4072 CertPropSvc - ok
11:37:45.0313 4072 [ DF8D07059E7237E0BE9C1421EF5F9482 ] cfwids C:\Windows\system32\drivers\cfwids.sys
11:37:45.0373 4072 cfwids - ok
11:37:45.0393 4072 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:37:45.0393 4072 circlass - ok
11:37:45.0433 4072 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:37:45.0453 4072 CLFS - ok
11:37:45.0533 4072 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:37:45.0533 4072 clr_optimization_v2.0.50727_32 - ok
11:37:45.0573 4072 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:37:45.0573 4072 clr_optimization_v2.0.50727_64 - ok
11:37:45.0663 4072 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:37:45.0683 4072 clr_optimization_v4.0.30319_32 - ok
11:37:45.0713 4072 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:37:45.0723 4072 clr_optimization_v4.0.30319_64 - ok
11:37:45.0753 4072 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:37:45.0753 4072 CmBatt - ok
11:37:45.0793 4072 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:37:45.0803 4072 cmdide - ok
11:37:45.0853 4072 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:37:45.0853 4072 CNG - ok
11:37:45.0903 4072 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:37:45.0903 4072 Compbatt - ok
11:37:45.0933 4072 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:37:45.0983 4072 CompositeBus - ok
11:37:46.0003 4072 COMSysApp - ok
11:37:46.0033 4072 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:37:46.0043 4072 crcdisk - ok
11:37:46.0083 4072 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:37:46.0133 4072 CryptSvc - ok
11:37:46.0173 4072 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys
11:37:46.0243 4072 CtClsFlt - ok
11:37:46.0284 4072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:37:46.0300 4072 DcomLaunch - ok
11:37:46.0331 4072 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:37:46.0347 4072 defragsvc - ok
11:37:46.0394 4072 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:37:46.0456 4072 DfsC - ok
11:37:46.0503 4072 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:37:46.0534 4072 Dhcp - ok
11:37:46.0550 4072 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:37:46.0565 4072 discache - ok
11:37:46.0596 4072 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:37:46.0596 4072 Disk - ok
11:37:46.0628 4072 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:37:46.0643 4072 Dnscache - ok
11:37:46.0706 4072 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
11:37:46.0706 4072 DockLoginService - ok
11:37:46.0752 4072 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:37:46.0752 4072 dot3svc - ok
11:37:46.0784 4072 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:37:46.0784 4072 DPS - ok
11:37:46.0830 4072 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:37:46.0830 4072 drmkaud - ok
11:37:46.0893 4072 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:37:46.0971 4072 DXGKrnl - ok
11:37:47.0002 4072 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:37:47.0002 4072 EapHost - ok
11:37:47.0096 4072 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:37:47.0142 4072 ebdrv - ok
11:37:47.0174 4072 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:37:47.0174 4072 EFS - ok
11:37:47.0236 4072 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:37:47.0252 4072 ehRecvr - ok
11:37:47.0283 4072 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:37:47.0283 4072 ehSched - ok
11:37:47.0330 4072 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:37:47.0345 4072 elxstor - ok
11:37:47.0376 4072 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:37:47.0392 4072 ErrDev - ok
11:37:47.0439 4072 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:37:47.0454 4072 EventSystem - ok
11:37:47.0486 4072 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:37:47.0496 4072 exfat - ok
11:37:47.0526 4072 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:37:47.0526 4072 fastfat - ok
11:37:47.0586 4072 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:37:47.0596 4072 Fax - ok
11:37:47.0626 4072 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:37:47.0626 4072 fdc - ok
11:37:47.0656 4072 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:37:47.0656 4072 fdPHost - ok
11:37:47.0666 4072 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:37:47.0666 4072 FDResPub - ok
11:37:47.0696 4072 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:37:47.0696 4072 FileInfo - ok
11:37:47.0716 4072 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:37:47.0726 4072 Filetrace - ok
11:37:47.0736 4072 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:37:47.0746 4072 flpydisk - ok
11:37:47.0776 4072 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:37:47.0836 4072 FltMgr - ok
11:37:47.0896 4072 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:37:47.0906 4072 FontCache - ok
11:37:47.0966 4072 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:37:47.0966 4072 FontCache3.0.0.0 - ok
11:37:47.0996 4072 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:37:48.0006 4072 FsDepends - ok
11:37:48.0046 4072 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:37:48.0116 4072 Fs_Rec - ok
11:37:48.0166 4072 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:37:48.0236 4072 fvevol - ok
11:37:48.0266 4072 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:37:48.0266 4072 gagp30kx - ok
11:37:48.0316 4072 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:37:48.0406 4072 GEARAspiWDM - ok
11:37:48.0476 4072 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
11:37:48.0476 4072 GoToAssist - ok
11:37:48.0526 4072 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:37:48.0536 4072 gpsvc - ok
11:37:48.0636 4072 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:37:48.0636 4072 gupdate - ok
11:37:48.0666 4072 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:37:48.0676 4072 gupdatem - ok
11:37:48.0736 4072 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:37:48.0736 4072 gusvc - ok
11:37:48.0776 4072 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:37:48.0786 4072 hcw85cir - ok
11:37:48.0816 4072 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:37:48.0876 4072 HdAudAddService - ok
11:37:48.0926 4072 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:37:48.0926 4072 HDAudBus - ok
11:37:48.0976 4072 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
11:37:49.0046 4072 HECIx64 - ok
11:37:49.0056 4072 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:37:49.0056 4072 HidBatt - ok
11:37:49.0076 4072 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:37:49.0086 4072 HidBth - ok
11:37:49.0116 4072 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:37:49.0116 4072 HidIr - ok
11:37:49.0136 4072 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:37:49.0146 4072 hidserv - ok
11:37:49.0196 4072 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
11:37:49.0256 4072 HidUsb - ok
11:37:49.0336 4072 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys
11:37:49.0406 4072 HipShieldK - ok
11:37:49.0446 4072 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:37:49.0456 4072 hkmsvc - ok
11:37:49.0506 4072 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:37:49.0506 4072 HomeGroupListener - ok
11:37:49.0567 4072 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:37:49.0614 4072 HomeGroupProvider - ok
11:37:49.0660 4072 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:37:49.0723 4072 HpSAMD - ok
11:37:49.0785 4072 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:37:49.0848 4072 HTTP - ok
11:37:49.0879 4072 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:37:49.0941 4072 hwpolicy - ok
11:37:49.0972 4072 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
11:37:49.0988 4072 i8042prt - ok
11:37:50.0035 4072 [ 2064090C9FAAD92C090D77E50E735B2E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:37:50.0035 4072 iaStor - ok
11:37:50.0097 4072 [ A9BE186ABF28B3D3D698CB855EDF457E ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:37:50.0097 4072 IAStorDataMgrSvc - ok
11:37:50.0144 4072 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:37:50.0206 4072 iaStorV - ok
11:37:50.0269 4072 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:37:50.0284 4072 idsvc - ok
11:37:50.0550 4072 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
11:37:50.0815 4072 igfx - ok
11:37:50.0846 4072 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:37:50.0846 4072 iirsp - ok
11:37:50.0893 4072 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:37:50.0908 4072 IKEEXT - ok
11:37:50.0955 4072 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
11:37:51.0018 4072 Impcd - ok
11:37:51.0049 4072 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
11:37:51.0096 4072 IntcDAud - ok
11:37:51.0111 4072 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:37:51.0111 4072 intelide - ok
11:37:51.0142 4072 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:37:51.0142 4072 intelppm - ok
11:37:51.0174 4072 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:37:51.0174 4072 IPBusEnum - ok
11:37:51.0205 4072 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:37:51.0267 4072 IpFilterDriver - ok
11:37:51.0345 4072 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:37:51.0345 4072 iphlpsvc - ok
11:37:51.0392 4072 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:37:51.0439 4072 IPMIDRV - ok
11:37:51.0454 4072 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:37:51.0454 4072 IPNAT - ok
11:37:51.0517 4072 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
11:37:51.0532 4072 iPod Service - ok
11:37:51.0548 4072 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:37:51.0548 4072 IRENUM - ok
11:37:51.0595 4072 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:37:51.0595 4072 isapnp - ok
11:37:51.0642 4072 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:37:51.0704 4072 iScsiPrt - ok
11:37:51.0720 4072 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
11:37:51.0735 4072 kbdclass - ok
11:37:51.0766 4072 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:37:51.0844 4072 kbdhid - ok
11:37:51.0860 4072 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:37:51.0860 4072 KeyIso - ok
11:37:51.0891 4072 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:37:51.0954 4072 KSecDD - ok
11:37:51.0985 4072 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:37:52.0078 4072 KSecPkg - ok
11:37:52.0094 4072 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:37:52.0110 4072 ksthunk - ok
11:37:52.0141 4072 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:37:52.0156 4072 KtmRm - ok
11:37:52.0219 4072 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:37:52.0234 4072 LanmanServer - ok
11:37:52.0266 4072 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:37:52.0266 4072 LanmanWorkstation - ok
11:37:52.0312 4072 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:37:52.0312 4072 lltdio - ok
11:37:52.0344 4072 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:37:52.0359 4072 lltdsvc - ok
11:37:52.0390 4072 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:37:52.0390 4072 lmhosts - ok
11:37:52.0468 4072 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:37:52.0468 4072 LMS - ok
11:37:52.0515 4072 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:37:52.0531 4072 LSI_FC - ok
11:37:52.0546 4072 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:37:52.0546 4072 LSI_SAS - ok
11:37:52.0562 4072 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:37:52.0562 4072 LSI_SAS2 - ok
11:37:52.0578 4072 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:37:52.0593 4072 LSI_SCSI - ok
11:37:52.0609 4072 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:37:52.0609 4072 luafv - ok
11:37:52.0671 4072 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
11:37:52.0734 4072 MBAMProtector - ok
11:37:52.0812 4072 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
11:37:52.0812 4072 MBAMScheduler - ok
11:37:52.0843 4072 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:37:52.0858 4072 MBAMService - ok
11:37:52.0952 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:37:52.0952 4072 McMPFSvc - ok
11:37:52.0968 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] mcmscsvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:37:52.0968 4072 mcmscsvc - ok
11:37:52.0983 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNaiAnn C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:37:52.0999 4072 McNaiAnn - ok
11:37:53.0014 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McNASvc C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:37:53.0014 4072 McNASvc - ok
11:37:53.0139 4072 [ 1814532DB0404C5FB65AA3EB051B2BE5 ] McODS C:\Program Files\mcafee\VirusScan\mcods.exe
11:37:53.0155 4072 McODS - ok
11:37:53.0155 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McOobeSv C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:37:53.0170 4072 McOobeSv - ok
11:37:53.0186 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] McProxy C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
11:37:53.0186 4072 McProxy - ok
11:37:53.0264 4072 [ 9BBCECBE3FE5AF5958A770DC512D0473 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
11:37:53.0264 4072 McShield - ok
11:37:53.0311 4072 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:37:53.0373 4072 Mcx2Svc - ok
11:37:53.0389 4072 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:37:53.0389 4072 megasas - ok
11:37:53.0420 4072 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:37:53.0436 4072 MegaSR - ok
11:37:53.0467 4072 [ 2D53234C24B0103FDE0BE06782AA6F80 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
11:37:53.0560 4072 mfeapfk - ok
11:37:53.0607 4072 [ C0EAF4F2367C44157E1DE4817238FEC2 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
11:37:53.0670 4072 mfeavfk - ok
11:37:53.0716 4072 mfeavfk01 - ok
11:37:53.0779 4072 [ 05248F2E6E1AFA6972D058C36199DEB7 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
11:37:53.0779 4072 mfefire - ok
11:37:53.0810 4072 [ 6856931F9F5B757E9D09369CC35096B9 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
11:37:53.0888 4072 mfefirek - ok
11:37:53.0935 4072 [ 62E4C929A4DB48616B1B90143B48C948 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
11:37:54.0013 4072 mfehidk - ok
11:37:54.0075 4072 [ B5B96149BE124092F577DE54EC7D4D65 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
11:37:54.0075 4072 mferkdet - ok
11:37:54.0122 4072 [ DC5483CAD90D95D65B618E35C66E28DF ] mfevtp C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
11:37:54.0122 4072 mfevtp - ok
11:37:54.0169 4072 [ E18162EA85F1531964F8222CC9E25E26 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
11:37:54.0231 4072 mfewfpk - ok
11:37:54.0294 4072 Microsoft SharePoint Workspace Audit Service - ok
11:37:54.0340 4072 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:37:54.0340 4072 MMCSS - ok
11:37:54.0356 4072 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:37:54.0356 4072 Modem - ok
11:37:54.0403 4072 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:37:54.0403 4072 monitor - ok
11:37:54.0418 4072 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
11:37:54.0434 4072 mouclass - ok
11:37:54.0465 4072 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:37:54.0481 4072 mouhid - ok
11:37:54.0512 4072 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:37:54.0574 4072 mountmgr - ok
11:37:54.0590 4072 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:37:54.0637 4072 mpio - ok
11:37:54.0652 4072 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:37:54.0652 4072 mpsdrv - ok
11:37:54.0715 4072 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:37:54.0715 4072 MpsSvc - ok
11:37:54.0762 4072 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:37:54.0824 4072 MRxDAV - ok
11:37:54.0871 4072 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:37:54.0918 4072 mrxsmb - ok
11:37:54.0949 4072 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:37:54.0996 4072 mrxsmb10 - ok
11:37:55.0011 4072 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:37:55.0058 4072 mrxsmb20 - ok
11:37:55.0089 4072 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:37:55.0136 4072 msahci - ok
11:37:55.0183 4072 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:37:55.0245 4072 msdsm - ok
11:37:55.0276 4072 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:37:55.0292 4072 MSDTC - ok
11:37:55.0323 4072 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:37:55.0339 4072 Msfs - ok
11:37:55.0370 4072 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:37:55.0370 4072 mshidkmdf - ok
11:37:55.0417 4072 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:37:55.0432 4072 msisadrv - ok
11:37:55.0464 4072 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:37:55.0479 4072 MSiSCSI - ok
11:37:55.0479 4072 msiserver - ok
11:37:55.0542 4072 [ F928E5E72BBA15DD0CE9A26E0413D236 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:37:55.0557 4072 MSK80Service - ok
11:37:55.0588 4072 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:37:55.0588 4072 MSKSSRV - ok
11:37:55.0620 4072 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:37:55.0620 4072 MSPCLOCK - ok
11:37:55.0635 4072 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:37:55.0635 4072 MSPQM - ok
11:37:55.0682 4072 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:37:55.0729 4072 MsRPC - ok
11:37:55.0776 4072 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:37:55.0776 4072 mssmbios - ok
11:37:55.0807 4072 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:37:55.0807 4072 MSTEE - ok
11:37:55.0822 4072 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:37:55.0838 4072 MTConfig - ok
11:37:55.0854 4072 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:37:55.0869 4072 Mup - ok
11:37:55.0916 4072 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:37:55.0916 4072 napagent - ok
11:37:55.0947 4072 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:37:55.0978 4072 NativeWifiP - ok
11:37:56.0010 4072 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:37:56.0025 4072 NDIS - ok
11:37:56.0041 4072 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:37:56.0041 4072 NdisCap - ok
11:37:56.0088 4072 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:37:56.0088 4072 NdisTapi - ok
11:37:56.0134 4072 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:37:56.0197 4072 Ndisuio - ok
11:37:56.0228 4072 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:37:56.0290 4072 NdisWan - ok
11:37:56.0322 4072 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:37:56.0384 4072 NDProxy - ok
11:37:56.0400 4072 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:37:56.0400 4072 NetBIOS - ok
11:37:56.0446 4072 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:37:56.0509 4072 NetBT - ok
11:37:56.0509 4072 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:37:56.0509 4072 Netlogon - ok
11:37:56.0556 4072 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:37:56.0571 4072 Netman - ok
11:37:56.0587 4072 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:37:56.0587 4072 netprofm - ok
11:37:56.0618 4072 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:37:56.0618 4072 NetTcpPortSharing - ok
11:37:56.0649 4072 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:37:56.0649 4072 nfrd960 - ok
11:37:56.0665 4072 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:37:56.0680 4072 NlaSvc - ok
11:37:56.0680 4072 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:37:56.0696 4072 Npfs - ok
11:37:56.0712 4072 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:37:56.0712 4072 nsi - ok
11:37:56.0727 4072 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:37:56.0727 4072 nsiproxy - ok
11:37:56.0805 4072 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:37:56.0836 4072 Ntfs - ok
11:37:56.0852 4072 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:37:56.0868 4072 Null - ok
11:37:56.0900 4072 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:37:56.0978 4072 nvraid - ok
11:37:57.0009 4072 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:37:57.0087 4072 nvstor - ok
11:37:57.0134 4072 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:37:57.0149 4072 nv_agp - ok
11:37:57.0165 4072 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:37:57.0165 4072 ohci1394 - ok
11:37:57.0227 4072 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:37:57.0243 4072 ose - ok
11:37:57.0415 4072 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:37:57.0446 4072 osppsvc - ok
11:37:57.0477 4072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:37:57.0493 4072 p2pimsvc - ok
11:37:57.0524 4072 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:37:57.0539 4072 p2psvc - ok
11:37:57.0586 4072 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:37:57.0633 4072 Parport - ok
11:37:57.0680 4072 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:37:57.0742 4072 partmgr - ok
11:37:57.0758 4072 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:37:57.0773 4072 PcaSvc - ok
11:37:57.0805 4072 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:37:57.0883 4072 pci - ok
11:37:57.0898 4072 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:37:57.0898 4072 pciide - ok
11:37:57.0929 4072 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:37:57.0929 4072 pcmcia - ok
11:37:57.0961 4072 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:37:57.0961 4072 pcw - ok
11:37:57.0992 4072 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:37:57.0992 4072 PEAUTH - ok
11:37:58.0070 4072 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:37:58.0070 4072 PerfHost - ok
11:37:58.0132 4072 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:37:58.0195 4072 pla - ok
11:37:58.0241 4072 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:37:58.0257 4072 PlugPlay - ok
11:37:58.0273 4072 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:37:58.0288 4072 PNRPAutoReg - ok
11:37:58.0319 4072 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:37:58.0319 4072 PNRPsvc - ok
11:37:58.0366 4072 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:37:58.0366 4072 PolicyAgent - ok
11:37:58.0413 4072 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:37:58.0413 4072 Power - ok
11:37:58.0460 4072 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:37:58.0522 4072 PptpMiniport - ok
11:37:58.0553 4072 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:37:58.0553 4072 Processor - ok
11:37:58.0600 4072 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:37:58.0616 4072 ProfSvc - ok
11:37:58.0631 4072 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:37:58.0631 4072 ProtectedStorage - ok
11:37:58.0678 4072 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:37:58.0741 4072 Psched - ok
11:37:58.0772 4072 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:37:58.0850 4072 PxHlpa64 - ok
11:37:58.0912 4072 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:37:58.0943 4072 ql2300 - ok
11:37:58.0990 4072 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:37:58.0990 4072 ql40xx - ok
11:37:59.0021 4072 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:37:59.0037 4072 QWAVE - ok
11:37:59.0053 4072 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:37:59.0053 4072 QWAVEdrv - ok
11:37:59.0068 4072 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:37:59.0068 4072 RasAcd - ok
11:37:59.0115 4072 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:37:59.0115 4072 RasAgileVpn - ok
11:37:59.0131 4072 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:37:59.0146 4072 RasAuto - ok
11:37:59.0177 4072 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:37:59.0240 4072 Rasl2tp - ok
11:37:59.0302 4072 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:37:59.0365 4072 RasMan - ok
11:37:59.0396 4072 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:37:59.0411 4072 RasPppoe - ok
11:37:59.0443 4072 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:37:59.0443 4072 RasSstp - ok
11:37:59.0489 4072 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:37:59.0567 4072 rdbss - ok
11:37:59.0599 4072 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:37:59.0599 4072 rdpbus - ok
11:37:59.0630 4072 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:37:59.0645 4072 RDPCDD - ok
11:37:59.0645 4072 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:37:59.0661 4072 RDPENCDD - ok
11:37:59.0677 4072 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:37:59.0677 4072 RDPREFMP - ok
11:37:59.0708 4072 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:37:59.0770 4072 RDPWD - ok
11:37:59.0833 4072 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:37:59.0895 4072 rdyboost - ok
11:37:59.0911 4072 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:37:59.0926 4072 RemoteAccess - ok
11:37:59.0957 4072 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:37:59.0957 4072 RemoteRegistry - ok
11:38:00.0020 4072 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:38:00.0020 4072 RFCOMM - ok
11:38:00.0051 4072 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:38:00.0051 4072 RpcEptMapper - ok
11:38:00.0067 4072 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:38:00.0067 4072 RpcLocator - ok
11:38:00.0113 4072 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
11:38:00.0113 4072 RpcSs - ok
11:38:00.0160 4072 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:38:00.0160 4072 rspndr - ok
11:38:00.0223 4072 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
11:38:00.0285 4072 RSUSBSTOR - ok
11:38:00.0316 4072 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:38:00.0394 4072 RTL8167 - ok
11:38:00.0410 4072 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:38:00.0410 4072 SamSs - ok
11:38:00.0441 4072 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:38:00.0503 4072 sbp2port - ok
11:38:00.0535 4072 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:38:00.0550 4072 SCardSvr - ok
11:38:00.0597 4072 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:38:00.0659 4072 scfilter - ok
11:38:00.0737 4072 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:38:00.0753 4072 Schedule - ok
11:38:00.0784 4072 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:38:00.0784 4072 SCPolicySvc - ok
11:38:00.0831 4072 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:38:00.0878 4072 SDRSVC - ok
11:38:00.0925 4072 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:38:00.0925 4072 secdrv - ok
11:38:00.0956 4072 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:38:01.0034 4072 seclogon - ok
11:38:01.0081 4072 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:38:01.0096 4072 SENS - ok
11:38:01.0112 4072 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:38:01.0112 4072 SensrSvc - ok
11:38:01.0127 4072 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:38:01.0143 4072 Serenum - ok
11:38:01.0174 4072 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:38:01.0190 4072 Serial - ok
11:38:01.0221 4072 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:38:01.0221 4072 sermouse - ok
11:38:01.0268 4072 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:38:01.0299 4072 SessionEnv - ok
11:38:01.0346 4072 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:38:01.0346 4072 sffdisk - ok
11:38:01.0361 4072 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:38:01.0377 4072 sffp_mmc - ok
11:38:01.0408 4072 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:38:01.0471 4072 sffp_sd - ok
11:38:01.0471 4072 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:38:01.0471 4072 sfloppy - ok
11:38:01.0533 4072 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:38:01.0549 4072 SharedAccess - ok
11:38:01.0595 4072 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:38:01.0642 4072 ShellHWDetection - ok
11:38:01.0673 4072 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:38:01.0673 4072 SiSRaid2 - ok
11:38:01.0673 4072 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:38:01.0689 4072 SiSRaid4 - ok
11:38:01.0736 4072 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:38:01.0736 4072 SkypeUpdate - ok
11:38:01.0767 4072 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:38:01.0767 4072 Smb - ok
11:38:01.0814 4072 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:38:01.0814 4072 SNMPTRAP - ok
11:38:01.0829 4072 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:38:01.0845 4072 spldr - ok
11:38:01.0876 4072 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:38:01.0892 4072 Spooler - ok
11:38:02.0001 4072 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:38:02.0032 4072 sppsvc - ok
11:38:02.0048 4072 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:38:02.0048 4072 sppuinotify - ok
11:38:02.0095 4072 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
11:38:02.0110 4072 sprtsvc_DellSupportCenter - ok
11:38:02.0141 4072 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:38:02.0204 4072 srv - ok
11:38:02.0219 4072 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:38:02.0266 4072 srv2 - ok
11:38:02.0282 4072 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:38:02.0329 4072 srvnet - ok
11:38:02.0360 4072 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:38:02.0360 4072 SSDPSRV - ok
11:38:02.0375 4072 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:38:02.0375 4072 SstpSvc - ok
11:38:02.0422 4072 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:38:02.0422 4072 STacSV - ok
11:38:02.0438 4072 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:38:02.0438 4072 stexstor - ok
11:38:02.0485 4072 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:38:02.0547 4072 STHDA - ok
11:38:02.0609 4072 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:38:02.0672 4072 stisvc - ok
11:38:02.0703 4072 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:38:02.0703 4072 swenum - ok
11:38:02.0750 4072 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:38:02.0750 4072 swprv - ok
11:38:02.0797 4072 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:38:02.0875 4072 SynTP - ok
11:38:02.0937 4072 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:38:02.0953 4072 SysMain - ok
11:38:02.0999 4072 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:38:03.0031 4072 TabletInputService - ok
11:38:03.0062 4072 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:38:03.0093 4072 TapiSrv - ok
11:38:03.0124 4072 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:38:03.0140 4072 TBS - ok
11:38:03.0233 4072 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:38:03.0249 4072 Tcpip - ok
11:38:03.0296 4072 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:38:03.0296 4072 TCPIP6 - ok
11:38:03.0311 4072 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:38:03.0358 4072 tcpipreg - ok
11:38:03.0405 4072 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:38:03.0421 4072 TDPIPE - ok
11:38:03.0452 4072 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:38:03.0530 4072 TDTCP - ok
11:38:03.0561 4072 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:38:03.0639 4072 tdx - ok
11:38:03.0655 4072 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:38:03.0686 4072 TermDD - ok
11:38:03.0748 4072 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:38:03.0748 4072 TermService - ok
11:38:03.0779 4072 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:38:03.0779 4072 Themes - ok
11:38:03.0795 4072 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:38:03.0795 4072 THREADORDER - ok
11:38:03.0811 4072 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:38:03.0811 4072 TrkWks - ok
11:38:03.0873 4072 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:38:03.0873 4072 TrustedInstaller - ok
11:38:03.0920 4072 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:38:03.0982 4072 tssecsrv - ok
11:38:04.0060 4072 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:38:04.0060 4072 TsUsbFlt - ok
11:38:04.0107 4072 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:38:04.0185 4072 tunnel - ok
11:38:04.0216 4072 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:38:04.0216 4072 uagp35 - ok
11:38:04.0263 4072 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:38:04.0325 4072 udfs - ok
11:38:04.0357 4072 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:38:04.0372 4072 UI0Detect - ok
11:38:04.0403 4072 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:38:04.0403 4072 uliagpkx - ok
11:38:04.0450 4072 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
11:38:04.0544 4072 umbus - ok
11:38:04.0559 4072 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:38:04.0559 4072 UmPass - ok
11:38:04.0715 4072 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:38:04.0715 4072 UNS - ok
11:38:04.0747 4072 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:38:04.0762 4072 upnphost - ok
11:38:04.0793 4072 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:38:04.0871 4072 USBAAPL64 - ok
11:38:04.0934 4072 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:38:05.0012 4072 usbccgp - ok
11:38:05.0059 4072 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:38:05.0059 4072 usbcir - ok
11:38:05.0090 4072 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:38:05.0137 4072 usbehci - ok
11:38:05.0168 4072 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:38:05.0246 4072 usbhub - ok
11:38:05.0261 4072 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:38:05.0308 4072 usbohci - ok
11:38:05.0324 4072 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:38:05.0339 4072 usbprint - ok
11:38:05.0386 4072 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:38:05.0386 4072 usbscan - ok
11:38:05.0417 4072 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:38:05.0480 4072 USBSTOR - ok
11:38:05.0511 4072 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:38:05.0558 4072 usbuhci - ok
11:38:05.0589 4072 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
11:38:05.0667 4072 usbvideo - ok
11:38:05.0683 4072 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:38:05.0683 4072 UxSms - ok
11:38:05.0698 4072 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:38:05.0698 4072 VaultSvc - ok
11:38:05.0761 4072 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:38:05.0761 4072 vdrvroot - ok
11:38:05.0807 4072 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:38:05.0870 4072 vds - ok
11:38:05.0901 4072 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:38:05.0917 4072 vga - ok
11:38:05.0932 4072 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:38:05.0948 4072 VgaSave - ok
11:38:05.0979 4072 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:38:05.0979 4072 vhdmp - ok
11:38:06.0010 4072 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:38:06.0026 4072 viaide - ok
11:38:06.0057 4072 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:38:06.0135 4072 volmgr - ok
11:38:06.0182 4072 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:38:06.0260 4072 volmgrx - ok
11:38:06.0260 4072 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:38:06.0275 4072 volsnap - ok
11:38:06.0291 4072 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:38:06.0307 4072 vsmraid - ok
11:38:06.0369 4072 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:38:06.0447 4072 VSS - ok
11:38:06.0463 4072 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:38:06.0463 4072 vwifibus - ok
11:38:06.0478 4072 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:38:06.0494 4072 vwififlt - ok
11:38:06.0525 4072 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:38:06.0541 4072 W32Time - ok
11:38:06.0556 4072 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:38:06.0572 4072 WacomPen - ok
11:38:06.0619 4072 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:38:06.0681 4072 WANARP - ok
11:38:06.0681 4072 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:38:06.0681 4072 Wanarpv6 - ok
11:38:06.0759 4072 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:38:06.0837 4072 WatAdminSvc - ok
11:38:06.0899 4072 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:38:06.0962 4072 wbengine - ok
11:38:06.0993 4072 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:38:06.0993 4072 WbioSrvc - ok
11:38:07.0040 4072 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:38:07.0102 4072 wcncsvc - ok
11:38:07.0118 4072 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:38:07.0118 4072 WcsPlugInService - ok
11:38:07.0149 4072 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:38:07.0165 4072 Wd - ok
11:38:07.0211 4072 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:38:07.0289 4072 Wdf01000 - ok
11:38:07.0305 4072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:38:07.0321 4072 WdiServiceHost - ok
11:38:07.0321 4072 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:38:07.0331 4072 WdiSystemHost - ok
11:38:07.0371 4072 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:38:07.0431 4072 WebClient - ok
11:38:07.0461 4072 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:38:07.0461 4072 Wecsvc - ok
11:38:07.0491 4072 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:38:07.0501 4072 wercplsupport - ok
11:38:07.0561 4072 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:38:07.0561 4072 WerSvc - ok
11:38:07.0601 4072 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:38:07.0601 4072 WfpLwf - ok
11:38:07.0671 4072 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
11:38:07.0741 4072 WimFltr - ok
11:38:07.0761 4072 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:38:07.0761 4072 WIMMount - ok
11:38:07.0781 4072 WinDefend - ok
11:38:07.0791 4072 WinHttpAutoProxySvc - ok
11:38:07.0841 4072 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:38:07.0841 4072 Winmgmt - ok
11:38:07.0921 4072 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:38:07.0981 4072 WinRM - ok
11:38:08.0051 4072 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:38:08.0111 4072 WinUsb - ok
11:38:08.0141 4072 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:38:08.0161 4072 Wlansvc - ok
11:38:08.0271 4072 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:38:08.0291 4072 wlidsvc - ok
11:38:08.0331 4072 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
11:38:08.0331 4072 wltrysvc - ok
11:38:08.0381 4072 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:38:08.0381 4072 WmiAcpi - ok
11:38:08.0421 4072 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:38:08.0431 4072 wmiApSrv - ok
11:38:08.0461 4072 WMPNetworkSvc - ok
11:38:08.0511 4072 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:38:08.0521 4072 WPCSvc - ok
11:38:08.0561 4072 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:38:08.0621 4072 WPDBusEnum - ok
11:38:08.0651 4072 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:38:08.0661 4072 ws2ifsl - ok
11:38:08.0671 4072 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:38:08.0681 4072 wscsvc - ok
11:38:08.0691 4072 WSearch - ok
11:38:08.0781 4072 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:38:08.0801 4072 wuauserv - ok
11:38:08.0841 4072 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:38:08.0891 4072 WudfPf - ok
11:38:08.0931 4072 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:38:09.0001 4072 WUDFRd - ok
11:38:09.0031 4072 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:38:09.0031 4072 wudfsvc - ok
11:38:09.0081 4072 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:38:09.0081 4072 WwanSvc - ok
11:38:09.0111 4072 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
11:38:09.0121 4072 yukonw7 - ok
11:38:09.0141 4072 ================ Scan global ===============================
11:38:09.0151 4072 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:38:09.0191 4072 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:38:09.0201 4072 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
11:38:09.0231 4072 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:38:09.0261 4072 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:38:09.0261 4072 [Global] - ok
11:38:09.0261 4072 ================ Scan MBR ==================================
11:38:09.0281 4072 [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
11:38:09.0464 4072 \Device\Harddisk0\DR0 - ok
11:38:09.0464 4072 ================ Scan VBR ==================================
11:38:09.0464 4072 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
11:38:09.0480 4072 \Device\Harddisk0\DR0\Partition1 - ok
11:38:09.0495 4072 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
11:38:09.0495 4072 \Device\Harddisk0\DR0\Partition2 - ok
11:38:09.0495 4072 ============================================================
11:38:09.0495 4072 Scan finished
11:38:09.0495 4072 ============================================================
11:38:09.0511 3344 Detected object count: 0
11:38:09.0511 3344 Actual detected object count: 0
  • 0

#9
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/12/2012 12:17:58 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/12/2012 6:08:10 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 16/12/2012 6:04:21 PM
Type: Warning Category: 0
Event: 1073 Source: USER32
The attempt by user lockhart\sdryan to restart/shutdown computer LOCKHART failed
  • 0

#10
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 16/12/2012 12:20:06 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 16/12/2012 6:04:51 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 15 user registry handles leaked from \Registry\User\S-1-5-21-4211979507-3276510843-2869536036-1001:
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\Disallowed
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\Root
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\My
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\CA
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\TrustedPeople
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Microsoft\SystemCertificates\trust
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Policies\Microsoft\SystemCertificates
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Policies\Microsoft\SystemCertificates
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Policies\Microsoft\SystemCertificates
Process 2356 (\Device\HarddiskVolume3\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE) has opened key \REGISTRY\USER\S-1-5-21-4211979507-3276510843-2869536036-1001\Software\Policies\Microsoft\SystemCertificates
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
No sign of malware but aswMBR did not complete. Can you run it again? Then I have some more scans for you.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a View Report option at the bottom. Click on it and copy and paste the report (even if it says nothing found).
  • 0

#12
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 95.48 0 K 24 K
procexp64.exe 1680 2.42 32,960 K 52,732 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
dwm.exe 600 0.55 68,208 K 23,900 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a 0.38 0 K 0 K Hardware Interrupts and DPCs
SynTPEnh.exe 3188 0.20 9,232 K 3,540 K Synaptics TouchPad Enhancements Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
explorer.exe 2064 0.19 42,620 K 28,316 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
System 4 0.18 140 K 992 K
csrss.exe 612 0.18 4,060 K 8,892 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
iexplore.exe 5432 0.07 180,376 K 68,864 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
BCMWLTRY.EXE 1404 0.05 43,396 K 10,764 K DW WLAN Card Wireless Network Controller Dell Inc. (Unable to verify) Dell Inc.
McSvHost.exe 2768 0.05 43,132 K 20,944 K McAfee Service Host McAfee, Inc. (Verified) McAfee
RoxioBurnLauncher.exe 4212 0.04 3,328 K 1,828 K Roxio Burn Launcher (Verified) Sonic Solutions
svchost.exe 364 0.04 245,512 K 224,368 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
WLTRAY.EXE 2720 0.03 41,108 K 10,428 K DW WLAN Card Wireless Network Tray Applet Dell Inc. (Unable to verify) Dell Inc.
svchost.exe 828 0.03 5,028 K 3,876 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
LMS.exe 1808 0.02 2,748 K 1,736 K Local Manageability Service Intel Corporation (Verified) Intel Corporation
IAStorDataMgrSvc.exe 1100 0.02 19,612 K 3,600 K IAStorDataSvc Intel Corporation (Verified) Intel Corporation
DellDock.exe 3380 0.01 51,052 K 21,728 K Dell Dock Stardock Corporation (Verified) Stardock Corporation
services.exe 656 0.01 10,356 K 5,988 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
BTTray.exe 3764 0.01 6,792 K 1,468 K Bluetooth Tray Application Broadcom Corporation. (Verified) Broadcom Corporation
GROOVE.EXE 2636 0.01 18,404 K 13,272 K Microsoft SharePoint Workspace Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 492 < 0.01 33,608 K 23,964 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 5048 < 0.01 3,280 K 1,664 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
AppleMobileDeviceService.exe 1608 < 0.01 3,380 K 1,196 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
svchost.exe 4744 < 0.01 2,236 K 1,368 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1212 < 0.01 18,168 K 10,044 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
mbamgui.exe 2224 < 0.01 3,268 K 1,276 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
MSOSYNC.EXE 3972 < 0.01 5,352 K 3,096 K Microsoft Office Document Cache Microsoft Corporation (Verified) Microsoft Corporation
iexplore.exe 5840 < 0.01 23,056 K 18,292 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 3088 < 0.01 41,112 K 12,188 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 536 < 0.01 2,624 K 2,140 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
UNS.exe 776 < 0.01 4,760 K 2,388 K User Notification Service Intel Corporation (Verified) Intel Corporation
wmpnetwk.exe 3152 < 0.01 13,084 K 6,280 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1080 < 0.01 9,208 K 6,348 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1332 < 0.01 1,944 K 1,364 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
BTStackServer.exe 4880 < 0.01 30,948 K 2,724 K Bluetooth Stack COM Server Broadcom Corporation. (Verified) Broadcom Corporation
svchost.exe 1764 < 0.01 9,308 K 13,480 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
MpCmdRun.exe 5772 < 0.01 4,996 K 9,304 K Microsoft Malware Protection Command Line Utility Microsoft Corporation (Verified) Microsoft Windows
IAStorIcon.exe 2964 < 0.01 25,936 K 4,272 K IAStorIcon Intel Corporation (Verified) Intel Corporation
GoogleToolbarNotifier.exe 2816 < 0.01 2,756 K 1,404 K GoogleToolbarNotifier Google Inc. (Verified) Google Inc
iTunesHelper.exe 4316 < 0.01 4,152 K 812 K iTunesHelper Apple Inc. (Verified) Apple Inc.
stacsv64.exe 560 < 0.01 7,264 K 3,016 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
WmiPrvSE.exe 7748 2,924 K 6,312 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLTRYSVC.EXE 1324 1,480 K 428 K DW WLAN Card Wireless Network Service Dell Inc. (Unable to verify) Dell Inc.
WLIDSVCM.EXE 2640 1,504 K 424 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WLIDSVC.EXE 2300 5,672 K 2,220 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 764 3,396 K 1,556 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 592 1,676 K 252 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
WebcamDell2.exe 2744 31,084 K 736 K WebcamDell2.exe Creative Technology Ltd (Unable to verify) Creative Technology Ltd
taskhost.exe 1564 8,484 K 3,520 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 3976 1,564 K 580 K Synaptics Pointing Device Helper Synaptics Incorporated (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 1500 32,264 K 16,264 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2128 42,772 K 31,384 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 128 24,008 K 8,512 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 904 7,364 K 5,148 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3108 2,740 K 640 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2096 2,292 K 704 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
sttray64.exe 3748 7,584 K 828 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
sprtsvc.exe 5092 4,364 K 560 K SupportSoft Agent Service SupportSoft, Inc. (Verified) Dell Inc.
sprtcmd.exe 4636 15,168 K 1,240 K Dell Support Center Updates SupportSoft, Inc. (Verified) Dell Inc.
spoolsv.exe 1460 7,644 K 2,872 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 328 524 K 368 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sidebar.exe 2992 18,416 K 19,016 K Windows Desktop Gadgets Microsoft Corporation (Verified) Microsoft Windows
realsched.exe 4968 3,284 K 884 K RealNetworks Scheduler RealNetworks, Inc. (Verified) RealNetworks
procexp.exe 5488 2,584 K 6,816 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OSPPSVC.EXE 4888 4,224 K 652 K Microsoft Office Software Protection Platform Service Microsoft Corporation (Verified) Microsoft Corporation
ONENOTEM.EXE 4788 1,328 K 336 K Microsoft OneNote Quick Launcher Microsoft Corporation (Verified) Microsoft Corporation
mfevtps.exe 1888 3,560 K 3,640 K McAfee Process Validation Service McAfee, Inc. (Verified) McAfee
mfefire.exe 2664 3,744 K 2,728 K McAfee Core Firewall Service McAfee, Inc. (Verified) McAfee
mDNSResponder.exe 1708 2,876 K 2,344 K Bonjour Service Apple Inc. (Verified) Apple Inc.
mcshield.exe 2328 224,200 K 82,544 K McAfee On-Access Scanner service McAfee, Inc. (Verified) McAfee
mcagent.exe 4360 25,232 K 2,520 K McAfee Security Center McAfee, Inc. (Verified) McAfee
mbamservice.exe 1868 113,272 K 37,772 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamscheduler.exe 1848 2,292 K 436 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lsm.exe 684 2,980 K 1,800 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 676 6,184 K 6,272 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
jusched.exe 4568 1,208 K 332 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America
igfxtray.exe 3200 3,032 K 952 K igfxTray Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3404 3,320 K 1,200 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
hkcmd.exe 3004 3,624 K 676 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
GoogleToolbarUser_32.exe 5332 6,688 K 2,972 K Google Toolbar Broker Google Inc. (Verified) Google Inc
FlashUtil32_11_5_502_135_ActiveX.exe 7140 3,224 K 2,984 K Adobe® Flash® Player Installer/Uninstaller 11.5 r502 Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
DockLogin.exe 1136 1,172 K 380 K Dock Login Service Stardock Corporation (Unable to verify) Stardock Corporation
conhost.exe 1340 1,064 K 420 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
btwdins.exe 1732 2,460 K 664 K Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
BluetoothHeadsetProxy.exe 5524 1,340 K 308 K Bluetooth Headset Skype Proxy Broadcom Corporation. (Verified) Broadcom Corporation
audiodg.exe 5596 18,152 K 17,624 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
AESTSr64.exe 1580 1,288 K 400 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
  • 0

#13
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Sun Dec 16 15:05:13 2012
Machine ID: 7C4E86D4



No infection found.
-------------------



Processes
---------
Process Explorer 5488 C:\Users\sdryan\Desktop\procexp.exe
(verified) Adobe® Flash® Player Installer/Uninstal 7140 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
(verified) Bluetooth Software 5524 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(verified) Dell Support Center Updates 4636 C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(verified) Dell Webcam Central 2744 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(verified) Dock Login Service 1136 C:\Program Files\Dell\DellDock\DockLogin.exe
(verified) Google Toolbar for Internet Explorer 5332 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(verified) GoogleToolbarNotifier 2816 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) IAStorDataSvc 1100 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(verified) IAStorIcon 2964 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified) Intel® Active Management Technology L 1808 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(verified) Intel® Management & Security Applicat 776 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(verified) iTunes 4316 C:\Program Files (x86)\iTunes\iTunesHelper.exe
(verified) Java™ Platform SE Auto Updater 2 0 4568 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes Anti-Malware 2224 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) Malwarebytes Anti-Malware 1848 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(verified) Malwarebytes Anti-Malware 1868 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Microsoft Office 2010 2636 C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(verified) Microsoft Office 2010 3972 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(verified) Microsoft OneNote 4788 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(verified) MobileDeviceService 1608 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(verified) RealPlayer (32-bit) 4968 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(verified) Roxio Burn 4212 C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(verified) SupportSoft sprtsvc 5092 C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(verified) Windows® Internet Explorer 4284 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 5432 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 5840 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 6572 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 7896 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process GROOVE.EXE (2636) connected on port 443 (HTTP over SSL) --> 65.55.122.231
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 131.253.13.140
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 131.253.13.140
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.42.11
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.42.11
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.54.161.24
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.54.161.24
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.42.59
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.42.59
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.123
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.123
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.36.162
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.36.162
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 54.243.110.66
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.139
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.139
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.144
Process iexplore.exe (4284) connected on port 443 (HTTP over SSL) --> 31.13.65.23
Process iexplore.exe (4284) connected on port 443 (HTTP over SSL) --> 23.64.146.110
Process iexplore.exe (4284) connected on port 443 (HTTP over SSL) --> 23.64.146.110
Process iexplore.exe (4284) connected on port 443 (HTTP over SSL) --> 23.64.159.144
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.144
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.144
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.144
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 23.64.159.144
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.36.57
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 107.14.36.57
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 31.13.65.23
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 12.129.210.71
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 66.235.155.28
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 66.235.155.28
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 173.194.77.138
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 173.194.77.138
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 64.94.107.48
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.121
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.121
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 173.194.77.138
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.57
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.57
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.84
Process iexplore.exe (4284) connected on port 80 (HTTP) --> 74.125.227.84
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 131.253.14.179
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 131.253.14.179
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.232
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 107.14.42.11
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.54.161.24
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.54.161.24
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.239.146
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.123
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.123
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 107.14.36.40
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.233
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.233
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.233
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.55.5.231
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 54.243.110.66
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 54.243.110.66
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 107.14.36.41
Process iexplore.exe (7896) connected on port 443 (HTTP over SSL) --> 31.13.65.23
Process iexplore.exe (7896) connected on port 443 (HTTP over SSL) --> 23.64.146.110
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.54.165.64
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 65.54.165.64
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 107.14.36.57
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 31.13.65.23
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 173.194.77.138
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 173.194.77.138
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.121
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.121
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.57
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.57
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.84
Process iexplore.exe (7896) connected on port 80 (HTTP) --> 74.125.227.84

Process GROOVE.EXE (2636) listens on ports: 2492


Autoruns and critical files
---------------------------
(unsigned) DW WLAN Card Wireless Network Tray Appl C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
(unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(verified) Dell Dock C:\Program Files\Dell\DellDock\DellDock.exe
(verified) Dell Support Center Updates C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(verified) Dell Webcam Central C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified) IDT PC Audio C:\Program Files\IDT\WDM\sttray64.exe
(verified) iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(verified) Microsoft OneNote C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) RealNetworks Installer (32-bit) C:\Users\sdryan\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe
(verified) RealPlayer (32-bit) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(verified) Roxio Burn C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Browser plugins
---------------
(unsigned) 3DVIA player C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
(unsigned) Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
(unsigned) QuickTime Plug-in 7.7.2 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
(unsigned) RealJukebox NS Plugin c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
(unsigned) RealNetworks™ Chrome Background Exte C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
(unsigned) RealPlayer Version Plugin c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
(unsigned) RealPlayer™ HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
(unsigned) Shockwave for Director C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Google Toolbar for Internet Explorer C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verified) Java Deployment Toolkit 7.0.90.5 C:\Windows\SysWOW64\npDeployJava1.dll
(verified) Java™ Platform SE 7 U9 C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
(verified) Java™ Platform SE 7 U9 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
(verified) Java™ Platform SE 7 U9 C:\Program Files (x86)\Java\jre7\bin\ssv.dll
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
(verified) Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
(verified) npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
(verified) npMcSnFFPl.dll c:\Program Files (x86)\McAfee\msc\npMcSnFFPl.dll
(verified) NPSWF32_11_5_502_135.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
(verified) PhotoCenter Active X control C:\Windows\Downloaded Program Files\Photochannel.dll
(verified) RealPlayer Download and Record Plugin c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
(verified) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
(verified) Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
(verified) Unity Player C:\Users\sdryan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
(verified) VSCORE C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120712163457.dll
(verified) Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll


Missing files
-------------
File not found: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
--> HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\""C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe""


Scan
----
MD5: 5c5209b04b1942a534259c2ab7bb1eea C:\Program Files (x86)\Dell Support Center\bin\LIBEAY32.dll
MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: 2f7480a40151eb2e483cf6524edba3f7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
MD5: 916a2c4eb028604783fd5ea169236c1d C:\Program Files (x86)\QuickTime\QTTask.exe
MD5: 52adf2256e4df1f2837270617ba27b3c c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
MD5: 03b65f4a482da5bcb6f43d12cc51475a c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
MD5: a1f65c68412d0ea9e224c4d5d271ab0e C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
MD5: d98ef2e62b94f243e1baf4350bf48c61 C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
MD5: dfabb5c6a9e7c54dd92b71ba6c0f6ecd C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome14browserrecordhelper.dll
MD5: ffbc753853d0dc6fae5494864553c833 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
MD5: 405c0112d5a83d06d1278df1a76488b3 C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
MD5: 7958203ef26fdfea02f3b7f9af6f12f1 C:\Users\sdryan\Desktop\procexp.exe
MD5: 818a6e89af813786c5c95eaf2fd9a691 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\1f7306c8340fbdd95d01221eb1b15cd4\IAStorDataMgr.ni.dll
MD5: e284d8a7cd99c11ce01a244724896b9f C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\9a6a85e6e2213b92321e2762a27dff8a\IAStorDataMgrSvc.ni.exe
MD5: 7d3b035f87f4317aa62940690c0129c1 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f8a5720490e4b18a525e77a06117b045\IAStorUtil.ni.dll
MD5: 0ee4989a1c35f3798c41eb04a6b899ce C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4da7ef2c9e141fcea4078034db8b17bf\IsdiInterop.ni.dll
MD5: 31d59387099070963ead4ce14c5b5f04 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MD5: 7221e380fb8bfcf0160b9d4e704e7e77 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MD5: 2a72853494912bb034af7ac1c86ec04e C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MD5: 78b476db024d3245e1e159e50dbb305f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MD5: 30b94a855f4c86212f98bb184a30ca96 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\17796f2951c17ebf92dd4b7c9b3ce556\System.ServiceProcess.ni.dll
MD5: 79e90a8067069f9323ba8fa4cae56c65 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MD5: ac6a3801f3cde7eb41b3f52e9b0a1c2b C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MD5: 43104328e99680fcf282e71cc45cb5d2 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MD5: 6d6596e046ca6a61de250ad3a281a1af C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MD5: 858716ced10dbbf0bc5748f71ed2f59d C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MD5: 108c2cfa5527458c096a699929ecbd80 C:\Windows\system32\credui.dll
MD5: 3d3caf586124c4e8102764c8b3063bb6 C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
MD5: d34a527493f39af4491b3e909dc697ca C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.11 KB recvd
Scanned 479 files and modules - 7 seconds

==============================================================================
  • 0

#14
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
C:\Users\sdryan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6bbd7c08-6a7f8e8a a variant of Java/Exploit.CVE-2012-1723.CT trojan deleted - quarantined
  • 0

#15
Hangdown99

Hangdown99

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-16 17:12:06
-----------------------------
17:12:06.937 OS Version: Windows x64 6.1.7601 Service Pack 1
17:12:06.937 Number of processors: 4 586 0x2505
17:12:06.952 ComputerName: LOCKHART UserName: sdryan
17:12:08.933 Initialize success
17:37:13.862 AVAST engine defs: 12121601
17:39:01.731 The log file has been saved successfully to "C:\Users\sdryan\Desktop\aswMBR.txt"
17:39:15.851 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:39:15.851 Disk 0 Vendor: SAMSUNG_ 2AJ1 Size: 476940MB BusType: 3
17:39:15.866 Disk 0 MBR read successfully
17:39:15.866 Disk 0 MBR scan
17:39:15.882 Disk 0 Windows 7 default MBR code
17:39:15.882 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
17:39:15.913 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
17:39:15.944 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
17:39:15.960 Disk 0 scanning C:\Windows\system32\drivers
17:39:32.979 Service scanning
17:40:02.528 Modules scanning
17:40:04.306 AVAST engine scan C:\Windows
17:40:11.451 AVAST engine scan C:\Windows\system32
17:45:14.536 AVAST engine scan C:\Windows\system32\drivers
17:45:40.760 AVAST engine scan C:\Users\sdryan
17:47:09.820 Disk 0 MBR has been saved successfully to "C:\Users\sdryan\Desktop\MBR.dat"
17:47:09.820 The log file has been saved successfully to "C:\Users\sdryan\Desktop\1aswMBR.txt"
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP