Happili Redirect ....HELP!


  • This topic is locked
17 replies to this topic

#1 jet222

Posted 08 May 2012 - 08:37 AM

I have recently purchased a new computer; it is only about 1 month old. It is running Windows 7 64-bit. I began installing all my programs, and when I was basically complete, I had gotten a blue screen, and was now unable to start my computer at all (this was only after 2 days). Since it was so new, and I really hadn't put any information on it yet, I used the Dell recovery discs I had created when I first turned my computer on to bring it back to "out of the box" condition, and it seemed to be working fine.

I started using my computer last Wednesday, and I went to do a Google search and I was redirected to "happili" on any link I clicked on. So I am guessing I have some sort of malware on my computer. I left my computer running all night and when I sat in front of it on Thursday, it was not happening anymore, and I did not attempt anything to correct the problem.

I am running Trend Micro Maximum Security 2012 on this computer and it has failed to stop the original problem and this one.

Since I am running 64-bit, I did not make a GMER log.

Thanks

------------------------------------------------------------------------------------------

DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Xps8300 at 9:30:38 on 2012-05-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5750 [GMT -4:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Enabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Users\Xps8300\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\WUDFHost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yankees.com/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Adobe] rundll32.exe "C:\Users\Xps8300\AppData\Local\ATI\Adobe\qrnoxrx.dll",DllRegisterServer
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\Xps8300\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe
StartupFolder: C:\Users\Xps8300\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Xps8300\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: windowsymbols.com\www
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 167.206.254.2 167.206.254.1
TCP: Interfaces\{A0220A9F-E4B0-42DF-96A8-00E52753CC6F} : DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 167.206.254.2 167.206.254.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 Sahdad64;HDD Filter Driver;C:\Windows\system32\Drivers\Sahdad64.sys --> C:\Windows\system32\Drivers\Sahdad64.sys [?]
R0 Saibad64;Volume Filter Driver;C:\Windows\system32\Drivers\Saibad64.sys --> C:\Windows\system32\Drivers\Saibad64.sys [?]
R1 SaibVdAd64;Virtual Disk Driver;C:\Windows\system32\Drivers\SaibVdAd64.sys --> C:\Windows\system32\Drivers\SaibVdAd64.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-6-2 457200]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-10 275912]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-2-2 18656]
R2 BOT4Service;BOT4Service;C:\Program Files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-8-30 39408]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-28 13592]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 116648]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-7-16 354288]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-28 1691848]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 257696]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-4-10 1431888]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-10 116648]
S3 netvsc;netvsc;C:\Windows\system32\DRIVERS\netvsc60.sys --> C:\Windows\system32\DRIVERS\netvsc60.sys [?]
S3 RoxMediaDB13;RoxMediaDB13;C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-7-16 1099248]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SynthVid;SynthVid;C:\Windows\system32\DRIVERS\VMBusVideoM.sys --> C:\Windows\system32\DRIVERS\VMBusVideoM.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-08 11:58:10 -------- d-----w- C:\Users\Xps8300\AppData\Local\{FD6D6CEF-260D-421A-981C-90C696CB26AF}
2012-05-08 11:57:59 -------- d-----w- C:\Users\Xps8300\AppData\Local\{52435A1F-41DD-4AD9-B634-EA5458100982}
2012-05-04 19:06:14 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-05-04 19:04:20 -------- d-----w- C:\Users\Xps8300\AppData\Local\{592C3E84-A167-4BEC-BE14-49D183A70A8E}
2012-05-04 19:04:08 -------- d-----w- C:\Users\Xps8300\AppData\Local\{82415842-D6AF-4EC1-A258-A7127F19288E}
2012-05-03 12:12:59 -------- d-----w- C:\Users\Xps8300\AppData\Local\{60943718-5628-4C05-9E6A-E15F0733BE55}
2012-05-03 12:12:48 -------- d-----w- C:\Users\Xps8300\AppData\Local\{02189E6A-F08E-4D1B-935C-C8155E425CC8}
2012-05-02 12:02:50 -------- d-----w- C:\Users\Xps8300\AppData\Local\{E698BBB0-499C-4535-B509-2B0743E65774}
2012-05-02 12:02:39 -------- d-----w- C:\Users\Xps8300\AppData\Local\{709DBE29-F5AA-4546-88D0-33F5E0596563}
2012-04-26 12:13:45 -------- d-----w- C:\Users\Xps8300\AppData\Local\{7EF5222D-6F24-444F-B7F9-FDAAB0821C9E}
2012-04-26 12:13:34 -------- d-----w- C:\Users\Xps8300\AppData\Local\{6056499F-D681-4B3E-8ED1-5BEC0B82BC50}
2012-04-25 12:15:16 -------- d-----w- C:\Users\Xps8300\AppData\Local\{B460BA99-8736-441E-AACB-4BE1E7967A3E}
2012-04-25 12:15:05 -------- d-----w- C:\Users\Xps8300\AppData\Local\{19A7B6A0-6CA9-45E3-A026-54661BB88201}
2012-04-24 15:16:57 -------- d-----w- C:\Users\Xps8300\AppData\Local\{73D962DE-FC0F-4D84-B3F5-3462E061DE53}
2012-04-24 15:16:47 -------- d-----w- C:\Users\Xps8300\AppData\Local\{26305F6D-9529-427B-AF1A-AE2896480ED6}
2012-04-24 14:08:10 24416 ----a-r- C:\Windows\System32\AdobePDFUI.dll
2012-04-24 13:49:53 52568 ----a-w- C:\Windows\System32\AdobePDF.dll
2012-04-24 03:16:21 -------- d-----w- C:\Users\Xps8300\AppData\Local\{D6E6C24D-7AE1-4BC2-B473-4ED3A6110D81}
2012-04-23 15:15:58 -------- d-----w- C:\Users\Xps8300\AppData\Local\{312904A9-1729-46E7-8C72-A237671565B4}
2012-04-23 03:15:33 -------- d-----w- C:\Users\Xps8300\AppData\Local\{F2DAF23A-2FAA-48ED-90F5-C57938791A9F}
2012-04-23 03:13:05 -------- d-----w- C:\Users\Xps8300\AppData\Local\{134DA933-5E9F-43EF-9D12-6EB4D4AB4CED}
2012-04-22 15:15:09 -------- d-----w- C:\Users\Xps8300\AppData\Local\{831C2649-87E7-4107-8187-368A0AD497AC}
2012-04-22 03:14:45 -------- d-----w- C:\Users\Xps8300\AppData\Local\{5D9B96DF-315B-4216-A09F-A503617D6951}
2012-04-21 15:14:23 -------- d-----w- C:\Users\Xps8300\AppData\Local\{D9C16B68-598F-4F87-9424-F7E2CF20C277}
2012-04-21 03:13:56 -------- d-----w- C:\Users\Xps8300\AppData\Local\{BA3E84E2-073F-452C-942A-A90562EFFE11}
2012-04-20 15:13:29 -------- d-----w- C:\Users\Xps8300\AppData\Local\{89191FA2-B99D-4D57-BDBC-D22BD114077F}
2012-04-20 15:13:18 -------- d-----w- C:\Users\Xps8300\AppData\Local\{3464DA97-0223-401D-B9BB-CC733CD870D0}
2012-04-19 12:00:59 -------- d-----w- C:\Users\Xps8300\AppData\Local\{DF192ABF-2BBB-493B-9565-88710CFADB3D}
2012-04-19 12:00:48 -------- d-----w- C:\Users\Xps8300\AppData\Local\{4F0380C4-FDFB-4FCE-ACD1-E6DBC142B6ED}
2012-04-18 12:10:07 -------- d-----w- C:\Users\Xps8300\AppData\Local\{A0C8A40D-A9DB-4936-8416-7F9183C86471}
2012-04-18 12:09:56 -------- d-----w- C:\Users\Xps8300\AppData\Local\{E3D9B7EE-F641-4A56-BE6D-15435F42E37A}
2012-04-17 15:06:24 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\REScheck
2012-04-17 12:08:36 -------- d-----w- C:\Users\Xps8300\AppData\Local\{66411AC6-4BF8-4BA4-8A18-70FC4B88E670}
2012-04-17 12:08:25 -------- d-----w- C:\Users\Xps8300\AppData\Local\{A7D0BBBB-C31D-4E48-95C2-AF69E3138A12}
2012-04-16 12:36:04 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 12:23:02 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-04-16 12:20:54 -------- d-----w- C:\Users\Xps8300\AppData\Local\{CA80D0CC-1AFF-4B3F-92DE-6EB421E3A2EE}
2012-04-16 12:20:36 -------- d-----w- C:\Users\Xps8300\AppData\Local\{13432EF8-E5E2-4B9B-9C6F-F6B0A063D897}
2012-04-16 12:18:08 -------- d-----w- C:\Windows\en
2012-04-16 12:17:08 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\DSETUP.dll
2012-04-16 12:17:08 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\DXSETUP.exe
2012-04-16 12:17:08 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\dsetup32.dll
2012-04-16 12:17:08 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\d7da2d971cd1bca06\MeshBetaRemover.exe
2012-04-16 12:09:30 -------- d-----w- C:\Users\Xps8300\AppData\Local\Windows Live
2012-04-16 12:09:13 -------- d-----w- C:\Users\Xps8300\AppData\Local\{8ED755A1-FEA0-4EBE-B92D-A2ED6889D9B2}
2012-04-12 19:43:58 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Roxio Burn
2012-04-12 16:30:12 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Macrovision
2012-04-12 16:29:46 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Sonic Solutions
2012-04-12 16:29:41 -------- d-----w- C:\Users\Xps8300\AppData\Local\Sonic_Solutions
2012-04-12 16:28:39 -------- d-----w- C:\ProgramData\Uninstall
2012-04-12 16:28:32 -------- d-----w- C:\ProgramData\eSellerate
2012-04-12 16:28:21 27632 ------w- C:\Windows\System32\drivers\SaibVdAd64.sys
2012-04-12 16:28:21 27120 ------w- C:\Windows\System32\drivers\Sahdad64.sys
2012-04-12 16:28:21 19952 ------w- C:\Windows\System32\drivers\Saibad64.sys
2012-04-12 16:26:57 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys
2012-04-12 16:26:57 10224 ------w- C:\Windows\System32\drivers\cdralw2k.sys
2012-04-12 16:26:57 10224 ------w- C:\Windows\System32\drivers\cdr4_xp.sys
2012-04-12 16:26:14 -------- d-----w- C:\Program Files (x86)\Common Files\Sonic Shared
2012-04-12 16:24:38 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Roxio Log Files
2012-04-12 11:58:07 -------- d-----w- C:\Users\Xps8300\AppData\Local\{6063ED2B-26FE-4D62-BDDB-F37BC723B74E}
2012-04-11 12:07:59 -------- d-----w- C:\Users\Xps8300\AppData\Local\{12287284-431B-47C6-A06C-DF62E7B6B6D9}
2012-04-10 20:14:53 -------- d-----r- C:\Users\Xps8300\Dropbox
2012-04-10 20:14:03 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Dropbox
2012-04-10 20:03:55 -------- d-----w- C:\Users\Xps8300\AppData\Local\Google
2012-04-10 19:58:52 -------- d-----w- C:\Windows\System32\appmgmt
2012-04-10 19:53:51 -------- d-----w- C:\Users\Xps8300\AppData\Local\Trend Micro
2012-04-10 19:53:03 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-04-10 19:53:03 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-04-10 19:53:03 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-10 19:53:01 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-10 19:53:00 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-10 19:52:59 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-10 19:52:32 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-10 19:52:17 -------- d-----w- C:\Program Files\Trend Micro
2012-04-10 19:51:57 -------- d-----w- C:\ProgramData\Trend Micro
2012-04-10 19:47:57 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-10 19:03:00 -------- d-----w- C:\Program Files\Dell Support Center
2012-04-10 19:00:27 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\PCDr
2012-04-10 19:00:03 -------- d-----w- C:\ProgramData\PCDr
2012-04-10 18:53:46 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-04-10 18:53:24 -------- d-----w- C:\Users\Xps8300\AppData\Local\Microsoft Help
2012-04-10 18:48:00 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Southwest Airlines
2012-04-10 18:47:42 8192 ----a-r- C:\Users\Xps8300\AppData\Roaming\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe
2012-04-10 18:47:42 -------- d-----w- C:\Program Files (x86)\Southwest Airlines
2012-04-10 18:47:34 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-04-10 18:46:19 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-10 18:27:34 -------- d-----w- C:\Users\Xps8300\AppData\Local\cache
2012-04-10 18:24:10 -------- d-----w- C:\Users\Xps8300\My Backup Files
2012-04-10 18:20:43 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2012-04-10 18:13:04 -------- d-----w- C:\Users\Xps8300\AppData\Local\Autodesk
2012-04-10 18:13:04 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2012-04-10 18:13:04 -------- d-----w- C:\Program Files\Autodesk
2012-04-10 18:12:49 -------- d-----w- C:\Program Files (x86)\Autodesk
2012-04-10 18:12:19 -------- d-----w- C:\LIBRARY
2012-04-10 18:12:02 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2012-04-10 18:11:53 285024 ----a-w- C:\Windows\System32\d3dx11_42.dll
2012-04-10 18:11:53 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
2012-04-10 18:11:53 2475352 ----a-w- C:\Windows\System32\D3DX9_42.dll
2012-04-10 18:11:53 235344 ----a-w- C:\Windows\SysWow64\d3dx11_42.dll
2012-04-10 18:10:39 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Autodesk
2012-04-10 18:06:15 -------- d-----w- C:\ProgramData\AMD
2012-04-10 18:06:14 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-04-10 18:06:13 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-04-10 18:06:09 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-04-10 18:04:21 -------- d-----w- C:\Program Files\ATI Technologies
2012-04-10 18:03:47 -------- d-----w- C:\AMD
2012-04-10 18:00:30 -------- d-----w- C:\Windows\SysWow64\Wat
2012-04-10 18:00:30 -------- d-----w- C:\Windows\System32\Wat
2012-04-10 17:59:00 -------- d-----w- C:\Users\Xps8300\AppData\Local\Check
2012-04-10 17:56:31 -------- d-----w- C:\Users\Xps8300\AppData\Local\{424BDF73-66FD-4397-A283-AFD25C0657BA}
2012-04-10 17:51:11 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-10 17:51:11 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-10 17:51:11 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-10 17:51:11 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-10 17:51:11 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-10 17:51:11 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-10 17:51:11 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-10 17:46:17 -------- d-----w- C:\Users\Xps8300\AppData\Local\Nero_AG
2012-04-10 17:46:06 -------- d-----w- C:\Users\Xps8300\AppData\Local\Nero
2012-04-10 17:42:33 -------- d-----w- C:\Users\Xps8300\Tracing
2012-04-10 17:36:17 244416 ----a-w- C:\Windows\SysWow64\MSFLXGRD.OCX
2012-04-10 17:36:17 -------- d-----w- C:\Program Files (x86)\Xerox Corporation
2012-04-10 17:36:11 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-04-10 17:36:11 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-04-10 17:36:11 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-04-10 17:36:11 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-04-10 17:36:11 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-04-10 17:36:10 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-04-10 17:36:10 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-04-10 17:34:09 -------- d-----w- C:\Users\Xps8300\AppData\Local\Adobe
2012-04-10 17:33:16 -------- d-----w- C:\Windows\SMINST
2012-04-10 17:04:27 89088 ----a-w- C:\Windows\System32\CNARLMNT.DLL
2012-04-10 17:01:07 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-10 16:55:41 -------- d-----w- C:\JET-ARCH
2012-04-10 16:52:02 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Dell
2012-04-10 16:51:56 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Fingertapps
2012-04-10 16:51:53 -------- d-----w- C:\Users\Xps8300\AppData\Roaming\Intel Corporation
2012-04-10 16:51:52 -------- d-----w- C:\Users\Xps8300\AppData\Local\ATI
2012-04-10 16:51:41 -------- d-----r- C:\Users\Xps8300\Virtual Machines
2012-04-10 16:51:33 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-10 16:51:32 -------- d-----w- C:\Users\Xps8300\AppData\Local\VirtualStore
2012-04-10 16:50:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-10 16:50:32 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-04-10 16:50:32 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-10 16:50:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-04-10 16:50:32 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-10 16:50:32 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-10 16:50:32 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-05-08 12:36:12 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-28 09:38:37 0 ----a-w- C:\Windows\ativpsrm.bin
2012-03-28 09:32:58 163840 ----a-w- C:\Windows\System32\umpo.dll
2012-03-28 07:55:15 627600 ----a-w- C:\Windows\System32\deployJava1.dll
2012-03-09 06:28:08 10857984 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-03-09 05:26:42 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-03-09 05:26:32 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-03-09 05:26:24 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-03-09 05:26:20 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-03-09 05:26:10 16507392 ----a-w- C:\Windows\System32\amdocl64.dll
2012-03-09 05:25:16 13238272 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-03-09 05:24:22 54272 ----a-w- C:\Windows\System32\OpenCL.dll
2012-03-09 05:24:14 48128 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-03-09 05:16:44 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-03-09 05:16:28 791552 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-03-09 05:14:42 958464 ----a-w- C:\Windows\System32\aticfx64.dll
2012-03-09 05:11:24 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-03-09 05:11:16 496128 ----a-w- C:\Windows\System32\atieclxx.exe
2012-03-09 05:10:20 235520 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-03-09 05:08:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-03-09 05:08:02 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-03-09 05:07:56 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-03-09 05:07:50 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-03-09 05:04:18 6200320 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-03-09 05:03:40 26166784 ----a-w- C:\Windows\System32\atio6axx.dll
2012-03-09 04:45:00 7646208 ----a-w- C:\Windows\System32\atidxx64.dll
2012-03-09 04:39:20 19739136 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-03-09 04:36:40 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-03-09 04:36:10 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-03-09 04:35:54 4958208 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-03-09 04:23:44 5062656 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-03-09 04:23:16 5954048 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-03-09 04:18:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-03-09 04:18:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-03-09 04:18:14 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-03-09 04:18:12 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-03-09 04:17:54 16069632 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-03-09 04:12:38 13715968 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-03-09 04:11:52 7552000 ----a-w- C:\Windows\System32\atiumd64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-03-09 04:05:20 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-03-09 04:05:12 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-09 03:58:54 512000 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-03-09 03:58:44 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-03-09 03:58:30 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-03-09 03:58:26 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-03-09 03:58:20 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2012-03-09 03:58:10 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-03-09 03:58:02 328704 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-03-09 03:57:04 43008 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-03-09 03:56:56 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-03-09 03:56:48 39936 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-03-09 03:56:38 30208 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-03-09 03:55:58 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-03-09 03:47:22 58880 ----a-w- C:\Windows\System32\coinst.dll
2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 9:31:07.23 ===============


 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:52 AM

Posted 08 May 2012 - 11:12 AM

Hello jet222! Welcome to BleepingComputer Forums!

My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.





Please download ComboFix from the link below:

Combofix

Save it to your Desktop <-- Important!!!

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.
  • Double click it & follow the prompts.
  • If you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, it will produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.
  • If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier.



-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.




Regards,
Georgi



#3 jet222

jet222
  • Topic Starter

  • Members
  • 8 posts
  • Local time:11:52 PM

Posted 08 May 2012 - 11:46 AM

ComboFix 12-05-08.02 - Xps8300 05/08/2012 12:31:32.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8174.5157 [GMT -4:00]
Running from: c:\users\Xps8300\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Xps8300\AppData\Local\ATI\Adobe\qrnoxrx.dll
c:\users\Xps8300\AppData\Local\Temp\{503A0854-3F52-49D7-AEE2-2F2419EC6B2F}\fpb.tmp
c:\windows\RPSETUP.EXE.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 16:33 . 2012-05-08 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 19:06 . 2012-05-04 19:06 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2012-04-24 14:08 . 2009-08-20 03:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-04-24 13:49 . 2009-08-20 03:50 52568 ----a-w- c:\windows\system32\AdobePDF.dll
2012-04-16 12:36 . 2012-05-08 12:36 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-16 12:23 . 2012-04-16 12:23 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-16 12:18 . 2012-04-16 12:18 -------- d-----w- c:\windows\en
2012-04-16 12:17 . 2012-04-16 12:17 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\DSETUP.dll
2012-04-16 12:17 . 2012-04-16 12:17 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\DXSETUP.exe
2012-04-16 12:17 . 2012-04-16 12:17 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7bd9d141cd1bca05\dsetup32.dll
2012-04-16 12:17 . 2012-04-16 12:17 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d7da2d971cd1bca06\MeshBetaRemover.exe
2012-04-12 16:28 . 2012-04-12 16:31 -------- d-----w- c:\programdata\Uninstall
2012-04-12 16:28 . 2012-04-12 16:28 -------- d-----w- c:\programdata\eSellerate
2012-04-12 16:28 . 2009-06-02 05:00 27632 ------w- c:\windows\system32\drivers\SaibVdAd64.sys
2012-04-12 16:28 . 2009-06-02 05:00 27120 ------w- c:\windows\system32\drivers\Sahdad64.sys
2012-04-12 16:28 . 2009-06-02 05:00 19952 ------w- c:\windows\system32\drivers\Saibad64.sys
2012-04-12 16:25 . 2012-04-12 16:31 -------- d-----w- c:\program files (x86)\Roxio 2011
2012-04-10 20:04 . 2012-04-21 02:10 -------- d-----w- c:\program files (x86)\Google
2012-04-10 19:58 . 2012-04-10 19:58 -------- d-----w- c:\windows\system32\appmgmt
2012-04-10 19:53 . 2012-04-10 19:48 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-04-10 19:53 . 2012-04-10 19:48 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-04-10 19:53 . 2012-04-10 19:48 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-10 19:53 . 2012-04-10 19:48 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-04-10 19:53 . 2012-04-10 19:48 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-10 19:52 . 2012-04-10 19:48 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-04-10 19:52 . 2012-04-10 19:52 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-10 19:52 . 2012-04-10 19:52 -------- d-----w- c:\program files\Trend Micro
2012-04-10 19:51 . 2012-05-08 12:08 -------- d-----w- c:\programdata\Trend Micro
2012-04-10 19:47 . 2012-04-10 19:53 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-10 19:03 . 2012-04-10 19:03 -------- d-----w- c:\program files\Dell Support Center
2012-04-10 19:01 . 2012-04-10 19:01 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-10 19:00 . 2012-04-10 19:00 -------- d-----w- c:\programdata\PCDr
2012-04-10 18:55 . 2012-04-10 19:01 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-04-10 18:53 . 2012-04-10 18:53 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-04-10 18:53 . 2012-04-10 19:14 -------- d-----w- c:\programdata\Microsoft Help
2012-04-10 18:53 . 2012-04-10 18:53 -------- d-----r- C:\MSOCache
2012-04-10 18:47 . 2012-04-10 18:47 -------- d-----w- c:\program files (x86)\Southwest Airlines
2012-04-10 18:47 . 2012-04-10 18:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-10 18:46 . 2012-03-28 07:54 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-10 18:20 . 2012-04-10 18:20 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2012-04-10 18:13 . 2012-04-10 18:43 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2012-04-10 18:13 . 2012-04-10 18:13 -------- d-----w- c:\program files\Autodesk
2012-04-10 18:12 . 2012-04-10 18:12 -------- d-----w- c:\program files (x86)\Autodesk
2012-04-10 18:12 . 2012-04-10 18:12 -------- d-----w- C:\LIBRARY
2012-04-10 18:12 . 2012-04-10 18:43 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2012-04-10 18:11 . 2009-09-04 21:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-04-10 18:11 . 2009-09-04 21:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-04-10 18:11 . 2009-09-04 21:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-04-10 18:11 . 2009-09-04 21:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-04-10 18:10 . 2012-04-10 18:33 -------- d-----w- c:\programdata\Autodesk
2012-04-10 18:06 . 2012-04-10 18:06 -------- d-----w- c:\programdata\ATI
2012-04-10 18:06 . 2012-04-10 18:06 -------- d-----w- c:\programdata\AMD
2012-04-10 18:06 . 2012-04-10 18:06 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-10 18:06 . 2012-04-10 18:06 -------- d-----w- c:\program files (x86)\AMD APP
2012-04-10 18:06 . 2012-04-10 18:06 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-04-10 18:04 . 2012-04-10 18:05 -------- d-----w- c:\program files\ATI Technologies
2012-04-10 18:03 . 2012-04-10 18:03 -------- d-----w- C:\AMD
2012-04-10 18:00 . 2012-04-10 18:00 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-10 18:00 . 2012-04-10 18:00 -------- d-----w- c:\windows\system32\Wat
2012-04-10 17:51 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-10 17:51 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-10 17:51 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-10 17:51 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-10 17:51 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-10 17:51 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-10 17:51 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-10 17:36 . 2012-04-24 14:03 -------- d-----w- c:\program files (x86)\Xerox Corporation
2012-04-10 17:36 . 2000-05-22 04:00 244416 ----a-w- c:\windows\SysWow64\MSFLXGRD.OCX
2012-04-10 17:36 . 2003-02-27 20:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-04-10 17:36 . 2002-12-05 18:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-04-10 17:36 . 2002-12-02 19:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-04-10 17:36 . 2002-12-02 17:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-04-10 17:36 . 2002-12-02 17:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-04-10 17:36 . 2012-04-10 17:36 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-04-10 17:36 . 2012-04-10 17:36 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-04-10 17:33 . 2012-04-10 17:46 -------- d-----w- c:\windows\SMINST
2012-04-10 17:04 . 2007-02-27 06:05 89088 ----a-w- c:\windows\system32\CNARLMNT.DLL
2012-04-10 17:01 . 2012-05-08 12:36 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-10 16:55 . 2012-05-08 12:30 -------- d-----w- C:\JET-ARCH
2012-04-10 16:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-10 16:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-10 16:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-10 16:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-10 16:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-10 16:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-10 16:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-10 16:48 . 2012-05-08 13:27 -------- d-----w- c:\users\Xps8300
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 12:36 . 2012-03-28 07:43 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-16 12:17 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-28 09:33 . 2012-03-28 09:33 360832 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2012-03-28 09:33 . 2012-03-28 09:33 936448 ----a-w- c:\windows\system32\vmsal.exe
2012-03-28 09:33 . 2012-03-28 09:33 793600 ----a-w- c:\windows\SysWow64\vmsal.exe
2012-03-28 09:33 . 2012-03-28 09:33 59392 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2012-03-28 09:33 . 2012-03-28 09:33 562176 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2012-03-28 09:33 . 2012-03-28 09:33 4514816 ----a-w- c:\windows\system32\vpc.exe
2012-03-28 09:33 . 2012-03-28 09:33 2264064 ----a-w- c:\windows\system32\VPCWizard.exe
2012-03-28 09:33 . 2012-03-28 09:33 1369600 ----a-w- c:\windows\system32\VPCSettings.exe
2012-03-28 09:33 . 2012-03-28 09:33 1210368 ----a-w- c:\windows\system32\VMWindow.exe
2012-03-28 09:33 . 2012-03-28 09:33 95232 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2012-03-28 09:33 . 2012-03-28 09:33 194944 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2012-03-28 09:33 . 2012-03-28 09:33 15872 ----a-w- c:\windows\system32\vpchbuspipe.dll
2012-03-28 09:33 . 2012-03-28 09:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-03-28 09:33 . 2012-03-28 09:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-03-28 09:33 . 2012-03-28 09:33 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
2012-03-28 09:33 . 2012-03-28 09:33 778752 ----a-w- c:\windows\system32\mssvp.dll
2012-03-28 09:33 . 2012-03-28 09:33 75264 ----a-w- c:\windows\system32\msscntrs.dll
2012-03-28 09:33 . 2012-03-28 09:33 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
2012-03-28 09:33 . 2012-03-28 09:33 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
2012-03-28 09:33 . 2012-03-28 09:33 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
2012-03-28 09:33 . 2012-03-28 09:33 491520 ----a-w- c:\windows\system32\mssph.dll
2012-03-28 09:33 . 2012-03-28 09:33 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-03-28 09:33 . 2012-03-28 09:33 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
2012-03-28 09:33 . 2012-03-28 09:33 337408 ----a-w- c:\windows\SysWow64\mssph.dll
2012-03-28 09:33 . 2012-03-28 09:33 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-03-28 09:33 . 2012-03-28 09:33 288256 ----a-w- c:\windows\system32\mssphtb.dll
2012-03-28 09:33 . 2012-03-28 09:33 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2012-03-28 09:33 . 2012-03-28 09:33 2315776 ----a-w- c:\windows\system32\tquery.dll
2012-03-28 09:33 . 2012-03-28 09:33 2223616 ----a-w- c:\windows\system32\mssrch.dll
2012-03-28 09:33 . 2012-03-28 09:33 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
2012-03-28 09:33 . 2012-03-28 09:33 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
2012-03-28 09:33 . 2012-03-28 09:33 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
2012-03-28 09:33 . 2012-03-28 09:33 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
2012-03-28 09:33 . 2012-03-28 09:33 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
2012-03-28 09:33 . 2012-03-28 09:33 976896 ----a-w- c:\windows\system32\inetcomm.dll
2012-03-28 09:33 . 2012-03-28 09:33 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2012-03-28 09:33 . 2012-03-28 09:33 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2012-03-28 09:33 . 2012-03-28 09:33 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2012-03-28 09:33 . 2012-03-28 09:33 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2012-03-28 09:33 . 2012-03-28 09:33 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-03-28 09:33 . 2012-03-28 09:33 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2012-03-28 09:33 . 2012-03-28 09:33 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-03-28 09:33 . 2012-03-28 09:33 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2012-03-28 09:33 . 2012-03-28 09:33 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2012-03-28 09:33 . 2012-03-28 09:33 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-03-28 09:33 . 2012-03-28 09:33 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-03-28 09:33 . 2012-03-28 09:33 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-03-28 09:33 . 2012-03-28 09:33 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-28 09:33 . 2012-03-28 09:33 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2012-03-28 09:33 . 2012-03-28 09:33 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-28 09:33 . 2012-03-28 09:33 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-28 09:33 . 2012-03-28 09:33 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2012-03-28 09:33 . 2012-03-28 09:33 1395712 ----a-w- c:\windows\system32\mfc42.dll
2012-03-28 09:33 . 2012-03-28 09:33 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2012-03-28 09:33 . 2012-03-28 09:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-03-28 09:33 . 2012-03-28 09:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2012-03-28 09:33 . 2012-03-28 09:33 108032 ----a-w- c:\windows\system32\psisrndr.ax
2012-03-28 09:33 . 2012-03-28 09:33 100864 ----a-w- c:\windows\system32\fontsub.dll
2012-03-28 09:33 . 2012-03-28 09:33 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-03-28 09:33 . 2012-03-28 09:33 77312 ----a-w- c:\windows\system32\packager.dll
2012-03-28 09:33 . 2012-03-28 09:33 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-03-28 09:33 . 2012-03-28 09:33 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-28 09:33 . 2012-03-28 09:33 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-03-28 09:33 . 2012-03-28 09:33 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-03-28 09:33 . 2012-03-28 09:33 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-03-28 09:33 . 2012-03-28 09:33 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-28 09:33 . 2012-03-28 09:33 2871808 ----a-w- c:\windows\explorer.exe
2012-03-28 09:33 . 2012-03-28 09:33 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2012-03-28 09:33 . 2012-03-28 09:33 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-28 09:33 . 2012-03-28 09:33 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-03-28 09:33 . 2012-03-28 09:33 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-03-28 09:33 . 2012-03-28 09:33 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-28 09:33 . 2012-03-28 09:33 850944 ----a-w- c:\windows\SysWow64\sbe.dll
2012-03-28 09:33 . 2012-03-28 09:33 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-03-28 09:33 . 2012-03-28 09:33 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2012-03-28 09:33 . 2012-03-28 09:33 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-28 09:33 . 2012-03-28 09:33 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-03-28 09:33 . 2012-03-28 09:33 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-03-28 09:33 . 2012-03-28 09:33 421888 ----a-w- c:\windows\system32\KernelBase.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-03-28 09:33 . 2012-03-28 09:33 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-03-28 09:33 . 2012-03-28 09:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatchTray13.exe" [2010-07-16 307184]
"Desktop Disc Tool"="c:\program files (x86)\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
.
c:\users\Xps8300\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
Dropbox.lnk - c:\users\Xps8300\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 116648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-12-20 1691848]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 257696]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-04-10 1431888]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 116648]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys [x]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Sahdad64;HDD Filter Driver;c:\windows\System32\Drivers\Sahdad64.sys [x]
S0 Saibad64;Volume Filter Driver;c:\windows\System32\Drivers\Saibad64.sys [x]
S1 SaibVdAd64;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVdAd64.sys [x]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files (x86)\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-02 457200]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2011-02-02 18656]
S2 BOT4Service;BOT4Service;c:\program files (x86)\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:36]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 20:04]
.
2012-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 20:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Xps8300\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-23 10920552]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yankees.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: windowsymbols.com\www
TCP: DhcpNameServer = 167.206.254.2 167.206.254.1 192.168.1.1 167.206.254.2 167.206.254.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Adobe - c:\users\Xps8300\AppData\Local\ATI\Adobe\qrnoxrx.dll
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
.
**************************************************************************
.
Completion time: 2012-05-08 12:38:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-08 16:38
.
Pre-Run: 919,585,439,744 bytes free
Post-Run: 920,199,905,280 bytes free
.
- - End Of File - - 19A71CD0A5916B099A8B9C58314886A4

#4 B-boy/StyLe/

  • Malware Response Team

Posted 08 May 2012 - 12:30 PM

Hi,


Can you please go to C:\qoobox, right-click the quarantine folder and select Send to > Compressed (zipped) folder? That will make a zipped copy of the quarantine folder.
Then please upload that to http://www.bleepingcomputer.com/submit-malware.php?channel=122 so we can examine the files and submit them to antivirus companies if needed.



Now let's do a few more checks just to make sure:



STEP 1


  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the textbox.
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %SYSTEMDRIVE%\*.*
    %USERPROFILE%\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Roaming\*.*
    %ProgramData%\*.*
    %CommonProgramFiles%\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %windir%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
    %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
    %windir%\temp\*.*
    %windir%\system32\*. 
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\DBBK\*.* /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC_32\*.* /S /MD5
    %systemroot%\assembly\GAC_64\*.* /S /MD5
    %SystemRoot%\assembly\GAC_MSIL\*.* /S /MD5
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DataBasePath /s
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    atapi.sys
    iaStor.sys
    serial.sys
    volsnap.sys
    disk.sys
    redbook.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    dfsc.sys
    hlp.dat
    /md5stop
    
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



STEP 2



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



STEP 3



Please download aswMBR.exe to your desktop.



  • Double click the aswMBR.exe icon to run it.
  • The program will offer to download the latest antivirus definitions from Avast servers. Click YES to agree.
  • When it's done, in the AV Scan drop-down options choose C:\
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note - do NOT attempt any Fix or FixMBR yet.



Regards,
Georgi



#5 jet222

  • Topic Starter

Posted 08 May 2012 - 02:31 PM

i have uploaded the zip file as you have asked

i am having trouble with the OTL.txt file, it is too long for my message and too large to attach. how can i get it to you?

here are the other logs

as the aswMBR was running, my anti-virus found 2 things, i attached a screen shot of its findings
----------------------------------------------------------------------------------------

extras.txt


OTL Extras logfile created on: 5/8/2012 1:45:24 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Xps8300\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.71 Gb Available Physical Memory | 71.54% Memory free
15.96 Gb Paging File | 13.22 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.76 Gb Total Space | 857.14 Gb Free Space | 93.70% Space Free | Partition Type: NTFS

Computer Name: ROB | User Name: Xps8300 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{021A72A9-9918-49DF-A5F8-9DF017386BE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{091FBE2C-14F5-4089-A7FD-D37A473BE98F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0E8F1BBB-AB0D-4B87-9AA7-92E1BDB651AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0FE9EB26-D51A-4E28-8CB0-9DDC7A1FCD27}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
"{131E46FB-1229-46C7-B8B0-2E666AA70D85}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{1AA42F7D-F672-404B-A1E6-5E8CCE24982B}" = lport=139 | protocol=6 | dir=in | app=system |
"{22E7B210-DBA5-4161-9483-12124094CBD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{355F5547-BD3C-439C-A9A8-9599664CC36C}" = rport=138 | protocol=17 | dir=out | app=system |
"{38AC1759-AB61-4CFD-A3B7-134334CADCC7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{406B23C6-A799-4274-8344-8C39CD804953}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{574A682D-C1E5-4CBF-B03D-2EC7BBA87D29}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B574004-D0E5-42F8-93B0-2B851287D478}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{60400AFC-E26D-4EB5-BBEA-C9E5F7F84F1E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6A237B08-EF12-4BA1-B8CB-ECA6A603A333}" = rport=10243 | protocol=6 | dir=out | app=system |
"{73D6224A-5CE8-452A-934A-2F36346320B6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{95DDF450-1DA1-4F5D-87B7-C5D627A7CF1D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{963F0CE7-B546-4794-91E3-89AD0685619E}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{9C2F0DCB-220A-4B6C-84C8-A67BE6EEF496}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A6F11D8C-C346-4196-9B04-0A5CC75224B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{AA63A676-E7EE-4C11-9BB7-A4243D068813}" = rport=139 | protocol=6 | dir=out | app=system |
"{ABBD397F-4F48-4DE2-A798-C8148DCF5171}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{AE98E6A0-5E0D-491F-9033-7C9A68C8BE23}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B2984397-E4C9-4F80-8194-08BD5BF8D705}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{C3507E82-2AE3-440F-BA39-42F036BCCDBC}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8D32297-F4B2-4373-BBD5-014D620EAB57}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D2804608-54CD-4636-A91E-E1A284207A51}" = rport=445 | protocol=6 | dir=out | app=system |
"{F0C5F07D-E872-4920-A1A0-210F9F764B83}" = rport=137 | protocol=17 | dir=out | app=system |
"{F3FBE462-2919-4EC3-B91D-11D932BDAF8C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24875BE1-D832-4C89-95CE-A2B5EA2EF95E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{26855CA7-1ACE-473F-BAF1-0E5DA01DFC35}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2800EF00-ACD6-4E21-8193-05139B0623DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2934F2A8-650B-4927-B11B-BE73C5C8ABA2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{29EA2912-133E-4707-9B8A-D0776B0B8B39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E5AB817-7FDD-4426-BB78-B7BDF4DCC059}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{34664F99-3F05-4AAF-B0D3-F2B584207EF4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{358F7AD3-BCB2-4198-B6C6-B1E6A22049BB}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{3D1527E2-434B-4DE1-AB05-F0F57892DA9E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3D326907-35DA-48DB-81FD-F79C09ACE22D}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{3DBD3F62-E88E-4362-8F85-AC2C1D5E589A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{47955A43-8FED-409A-ABA7-92FF711428FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{507F806F-3F9D-4104-889D-96933AE57782}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{59E51322-35B9-4A34-AE27-34BC8574BFA4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68C07C27-8E95-478C-BF8C-D81357705C38}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6B051EBA-24D2-4BC9-8364-1C4622076017}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D2AFB71-27B9-48D9-A47B-DFD578873B9A}" = protocol=6 | dir=out | app=system |
"{739E48AF-454A-49BD-9531-7BFE40D5432E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{745A8BB2-CFF9-4F17-A921-FEBCFE954A28}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8270A27B-A699-4CE7-840E-5E51B3FE4B5A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90FBA292-5B20-4CAE-AD7A-1C64627712E1}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{963AFE39-37D3-4A78-9537-B0CBC43D2D87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9F67ED16-EA44-4DD0-80EE-E78F99526AC2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A2E960E0-79CB-45F0-8144-85E5F6465971}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{AC586426-153F-4F4D-98E0-B776A89C6A1E}" = protocol=17 | dir=in | app=c:\users\xps8300\appdata\roaming\dropbox\bin\dropbox.exe |
"{B0857FEC-25D2-4261-85D1-A1B3EE3E1F95}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B2308748-8D0F-4D32-AFD8-EBEDEF2856F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C03899D6-E6AE-42B1-8E59-483C88760EB6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{CBF8F076-AEF8-440C-8324-910CB230E9A7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3C0B889-E180-4112-A793-0BA3E489D3B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EAB17580-0538-459D-A041-0BB62D6FAE3E}" = protocol=6 | dir=in | app=c:\users\xps8300\appdata\roaming\dropbox\bin\dropbox.exe |
"{EB608EDA-FB2C-4B80-A3FC-581AF7120D60}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FB87F4A9-950C-433E-8DA8-1D7005C7F431}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{82079E23-9415-46D6-893D-50F94E2C4C22}C:\program files (x86)\xerox corporation\bt-plotassistant 3.5\btplotassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xerox corporation\bt-plotassistant 3.5\btplotassistant.exe |
"UDP Query User{D9BB8367-8AAC-4498-9257-D75D9E5C4E77}C:\program files (x86)\xerox corporation\bt-plotassistant 3.5\btplotassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xerox corporation\bt-plotassistant 3.5\btplotassistant.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{262325FE-E6AA-7D56-9071-453A374086C9}" = ATI AVIVO64 Codecs
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Maximum Security 2012
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"AutoCAD 2012 - English SP1" = AutoCAD 2012 - English SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F99CA59-7CB4-4167-A43A-4B1D5E584281}" = Dell Stage
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A89C9A6-578D-4501-95D4-A5C282917BC6}" = BT-PlotAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3612B0B9-F731-4B94-9356-E224AC552801}" = Dell Digital Delivery
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{72C4226B-BDDE-428C-B7E5-41D6FFAD885B}" = Roxio Creator 2011
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{867DA348-D324-4764-AA7B-FF491E83DD1F}" = Xerox Corporation Wide Format Scan Service
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{937C423A-27B0-408C-878B-2A2677AFEEA4}" = Roxio Dell install Util
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A12CF335-1B84-4781-9735-44E39C6D3DD0}" = Roxio Creator 2011
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Roxio PhotoShow" = Roxio PhotoShow
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3979652188-3032045532-1386171953-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"COMcheck 3.9.0.4 " = COMcheck 3.9.0.4 (Current User)
"Dropbox" = Dropbox
"REScheck 4.4.3.0" = REScheck 4.4.3.0 (Current User)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2012 3:59:46 PM | Computer Name = Rob | Source = System Restore | ID = 8193
Description =

Error - 4/10/2012 3:59:48 PM | Computer Name = Rob | Source = System Restore | ID = 8193
Description =

Error - 4/10/2012 4:01:19 PM | Computer Name = Rob | Source = System Restore | ID = 8193
Description =

Error - 4/10/2012 4:01:21 PM | Computer Name = Rob | Source = System Restore | ID = 8193
Description =

Error - 4/11/2012 8:07:51 AM | Computer Name = Rob | Source = Application Error | ID = 1000
Description = Faulting application name: sftservice.EXE, version: 1.0.82.75, time
stamp: 0x4ee0870c Faulting module name: sftservice.EXE, version: 1.0.82.75, time
stamp: 0x4ee0870c Exception code: 0xc0000005 Fault offset: 0x000a8606 Faulting process
id: 0xa3c Faulting application start time: 0x01cd17dbabc37d49 Faulting application
path: C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE Faulting
module path: C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE Report
Id: f57a9e2c-83ce-11e1-817c-d4bed99d21a7

Error - 4/11/2012 8:08:54 AM | Computer Name = Rob | Source = WinMgmt | ID = 10
Description =

Error - 4/11/2012 8:56:09 AM | Computer Name = Rob | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x0019ac0a Faulting
process id: 0x1070 Faulting application start time: 0x01cd17e1c9bf0fc5 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: b4c98676-83d5-11e1-817c-d4bed99d21a7

Error - 4/11/2012 12:03:57 PM | Computer Name = Rob | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x0019ac0a Faulting
process id: 0x21d8 Faulting application start time: 0x01cd17fc3b1f266e Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: f10636f0-83ef-11e1-817c-d4bed99d21a7

Error - 4/11/2012 1:16:45 PM | Computer Name = Rob | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 9.0.8112.16421,
time stamp: 0x4d76255d Faulting module name: IEFRAME.dll, version: 9.0.8112.16443,
time stamp: 0x4f4c2cfa Exception code: 0xc0000005 Fault offset: 0x0019ac0a Faulting
process id: 0x213c Faulting application start time: 0x01cd1802f175c13d Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\system32\IEFRAME.dll Report Id: 1c8b4869-83fa-11e1-817c-d4bed99d21a7

Error - 4/11/2012 5:08:46 PM | Computer Name = Rob | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Dell Events ]
Error - 4/24/2012 8:11:05 AM | Computer Name = Rob | Source = DataSafe | ID = 1
Description = The process was interrupted before completion.

[ System Events ]
Error - 4/16/2012 8:09:07 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/16/2012 8:20:11 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 4/16/2012 8:20:30 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/20/2012 11:13:01 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 4/20/2012 11:13:18 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/24/2012 8:11:05 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 4/24/2012 9:39:58 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 4/24/2012 9:40:11 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 4/24/2012 9:52:08 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Hard Drive Watcher 12 service to connect.

Error - 4/24/2012 9:52:29 AM | Computer Name = Rob | Source = Service Control Manager | ID = 7034
Description = The SoftThinks Agent Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >


------------------------------------------------------------------------------------------

TDSSKiller log

13:55:43.0469 7632 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:55:43.0672 7632 ============================================================
13:55:43.0672 7632 Current date / time: 2012/05/08 13:55:43.0672
13:55:43.0672 7632 SystemInfo:
13:55:43.0672 7632
13:55:43.0672 7632 OS Version: 6.1.7601 ServicePack: 1.0
13:55:43.0672 7632 Product type: Workstation
13:55:43.0672 7632 ComputerName: ROB
13:55:43.0672 7632 UserName: Xps8300
13:55:43.0672 7632 Windows directory: C:\Windows
13:55:43.0672 7632 System windows directory: C:\Windows
13:55:43.0672 7632 Running under WOW64
13:55:43.0672 7632 Processor architecture: Intel x64
13:55:43.0672 7632 Number of processors: 8
13:55:43.0672 7632 Page size: 0x1000
13:55:43.0672 7632 Boot type: Normal boot
13:55:43.0672 7632 ============================================================
13:55:44.0000 7632 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:55:44.0031 7632 ============================================================
13:55:44.0031 7632 \Device\Harddisk0\DR0:
13:55:44.0031 7632 MBR partitions:
13:55:44.0031 7632 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x216E000
13:55:44.0031 7632 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2182000, BlocksNum 0x72584000
13:55:44.0031 7632 ============================================================
13:55:44.0046 7632 C: <-> \Device\Harddisk0\DR0\Partition1
13:55:44.0046 7632 ============================================================
13:55:44.0046 7632 Initialize success
13:55:44.0046 7632 ============================================================
13:56:39.0255 2444 ============================================================
13:56:39.0255 2444 Scan started
13:56:39.0255 2444 Mode: Manual; SigCheck; TDLFS;
13:56:39.0255 2444 ============================================================
13:56:43.0093 2444 circlass - ok
13:56:43.0124 2444 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:56:43.0139 2444 CLFS - ok
13:56:43.0202 2444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:56:43.0217 2444 clr_optimization_v2.0.50727_32 - ok
13:56:43.0264 2444 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:56:43.0280 2444 clr_optimization_v2.0.50727_64 - ok
13:56:43.0342 2444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:56:43.0358 2444 clr_optimization_v4.0.30319_32 - ok
13:56:43.0373 2444 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:56:43.0389 2444 clr_optimization_v4.0.30319_64 - ok
13:56:43.0405 2444 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:56:43.0405 2444 CmBatt - ok
13:56:43.0451 2444 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:56:43.0467 2444 cmdide - ok
13:56:43.0483 2444 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:56:43.0514 2444 CNG - ok
13:56:43.0529 2444 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:56:43.0545 2444 Compbatt - ok
13:56:43.0576 2444 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:56:43.0592 2444 CompositeBus - ok
13:56:43.0607 2444 COMSysApp - ok
13:56:43.0623 2444 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:56:43.0639 2444 crcdisk - ok
13:56:43.0654 2444 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:56:43.0701 2444 CryptSvc - ok
13:56:43.0732 2444 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
13:56:43.0748 2444 CSC - ok
13:56:43.0779 2444 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
13:56:43.0810 2444 CscService - ok
13:56:43.0857 2444 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:56:43.0904 2444 DcomLaunch - ok
13:56:43.0919 2444 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:56:43.0951 2444 defragsvc - ok
13:56:43.0997 2444 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
13:56:43.0997 2444 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
13:56:43.0997 2444 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
13:56:55.0214 2444 Schedule - ok
13:56:55.0245 2444 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:56:55.0261 2444 SCPolicySvc - ok
13:56:55.0292 2444 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:56:55.0307 2444 SDRSVC - ok
13:56:55.0323 2444 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:56:55.0385 2444 secdrv - ok
13:56:55.0401 2444 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:56:55.0432 2444 seclogon - ok
13:56:55.0448 2444 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
13:56:55.0479 2444 SENS - ok
13:56:55.0510 2444 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:56:55.0510 2444 SensrSvc - ok
13:56:55.0541 2444 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:56:55.0557 2444 Serenum - ok
13:56:55.0573 2444 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:56:55.0604 2444 Serial - ok
13:56:55.0635 2444 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:56:55.0666 2444 sermouse - ok
13:56:55.0682 2444 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:56:55.0729 2444 SessionEnv - ok
13:56:55.0744 2444 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:56:55.0760 2444 sffdisk - ok
13:56:55.0760 2444 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:56:55.0791 2444 sffp_mmc - ok
13:56:55.0807 2444 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:56:55.0838 2444 sffp_sd - ok
13:56:55.0853 2444 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:56:55.0869 2444 sfloppy - ok
13:56:55.0978 2444 SftService (421c30c8e686dc41e64881269982b382) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:56:56.0009 2444 SftService - ok
13:56:56.0150 2444 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:56:56.0181 2444 SharedAccess - ok
13:56:56.0197 2444 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:56:56.0243 2444 ShellHWDetection - ok
13:56:56.0259 2444 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:56:56.0259 2444 SiSRaid2 - ok
13:56:56.0275 2444 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:56:56.0290 2444 SiSRaid4 - ok
13:56:56.0306 2444 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:56:56.0337 2444 Smb - ok
13:56:56.0384 2444 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:56:56.0415 2444 SNMPTRAP - ok
13:56:56.0431 2444 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:56:56.0446 2444 spldr - ok
13:56:56.0477 2444 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:56:56.0524 2444 Spooler - ok
13:56:56.0618 2444 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:56:56.0665 2444 sppsvc - ok
13:56:56.0696 2444 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:56:56.0727 2444 sppuinotify - ok
13:56:56.0758 2444 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:56:56.0774 2444 srv - ok
13:56:56.0805 2444 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:56:56.0836 2444 srv2 - ok
13:56:56.0852 2444 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:56:56.0867 2444 srvnet - ok
13:56:56.0899 2444 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:56:56.0945 2444 SSDPSRV - ok
13:56:56.0945 2444 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:56:56.0977 2444 SstpSvc - ok
13:56:56.0992 2444 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:56:56.0992 2444 stexstor - ok
13:56:57.0023 2444 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:56:57.0055 2444 stisvc - ok
13:56:57.0070 2444 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:56:57.0086 2444 StorSvc - ok
13:56:57.0101 2444 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:56:57.0117 2444 storvsc - ok
13:56:57.0133 2444 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:56:57.0148 2444 swenum - ok
13:56:57.0179 2444 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:56:57.0242 2444 swprv - ok
13:56:57.0257 2444 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
13:56:57.0273 2444 SynthVid - ok
13:56:57.0335 2444 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:56:57.0382 2444 SysMain - ok
13:56:57.0538 2444 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:56:57.0569 2444 TabletInputService - ok
13:56:57.0616 2444 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:56:57.0663 2444 TapiSrv - ok
13:56:57.0679 2444 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:56:57.0694 2444 TBS - ok
13:56:57.0757 2444 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:56:57.0803 2444 Tcpip - ok
13:56:57.0866 2444 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:56:57.0913 2444 TCPIP6 - ok
13:56:57.0944 2444 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:56:57.0991 2444 tcpipreg - ok
13:56:58.0006 2444 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:56:58.0006 2444 TDPIPE - ok
13:56:58.0022 2444 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:56:58.0037 2444 TDTCP - ok
13:56:58.0053 2444 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:56:58.0100 2444 tdx - ok
13:56:58.0115 2444 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:56:58.0115 2444 TermDD - ok
13:56:58.0147 2444 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:56:58.0178 2444 TermService - ok
13:56:58.0178 2444 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:56:58.0193 2444 Themes - ok
13:56:58.0225 2444 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:56:58.0271 2444 THREADORDER - ok
13:56:58.0303 2444 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
13:56:58.0318 2444 tmactmon - ok
13:56:58.0349 2444 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
13:56:58.0365 2444 tmcomm - ok
13:56:58.0365 2444 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
13:56:58.0381 2444 tmeevw - ok
13:56:58.0396 2444 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
13:56:58.0396 2444 tmevtmgr - ok
13:56:58.0412 2444 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
13:56:58.0427 2444 tmnciesc - ok
13:56:58.0443 2444 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
13:56:58.0459 2444 tmtdi - ok
13:56:58.0474 2444 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:56:58.0505 2444 TrkWks - ok
13:56:58.0615 2444 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:56:58.0661 2444 TrustedInstaller - ok
13:56:58.0693 2444 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:56:58.0739 2444 tssecsrv - ok
13:56:58.0755 2444 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:56:58.0771 2444 TsUsbFlt - ok
13:56:58.0771 2444 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:56:58.0786 2444 TsUsbGD - ok
13:56:58.0817 2444 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:56:58.0864 2444 tunnel - ok
13:56:58.0864 2444 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:56:58.0880 2444 uagp35 - ok
13:56:58.0895 2444 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:56:58.0942 2444 udfs - ok
13:56:58.0958 2444 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:56:58.0958 2444 UI0Detect - ok
13:56:58.0989 2444 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:56:58.0989 2444 uliagpkx - ok
13:56:59.0020 2444 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:56:59.0036 2444 umbus - ok
13:56:59.0067 2444 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:56:59.0098 2444 UmPass - ok
13:56:59.0114 2444 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:56:59.0145 2444 UmRdpService - ok
13:56:59.0161 2444 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:56:59.0192 2444 upnphost - ok
13:56:59.0223 2444 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
13:56:59.0239 2444 usbccgp - ok
13:56:59.0239 2444 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:56:59.0270 2444 usbcir - ok
13:56:59.0270 2444 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:56:59.0285 2444 usbehci - ok
13:56:59.0317 2444 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:56:59.0332 2444 usbhub - ok
13:56:59.0348 2444 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:56:59.0363 2444 usbohci - ok
13:56:59.0379 2444 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:56:59.0410 2444 usbprint - ok
13:56:59.0426 2444 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:56:59.0441 2444 USBSTOR - ok
13:56:59.0457 2444 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:56:59.0473 2444 usbuhci - ok
13:56:59.0488 2444 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:56:59.0519 2444 UxSms - ok
13:56:59.0535 2444 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:56:59.0551 2444 VaultSvc - ok
13:56:59.0551 2444 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:56:59.0566 2444 vdrvroot - ok
13:56:59.0597 2444 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:56:59.0644 2444 vds - ok
13:56:59.0644 2444 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:56:59.0660 2444 vga - ok
13:56:59.0675 2444 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:56:59.0691 2444 VgaSave - ok
13:56:59.0722 2444 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:56:59.0722 2444 vhdmp - ok
13:56:59.0738 2444 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:56:59.0738 2444 viaide - ok
13:56:59.0738 2444 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:56:59.0753 2444 VMBusHID - ok
13:56:59.0800 2444 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:56:59.0816 2444 volmgr - ok
13:56:59.0831 2444 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:56:59.0847 2444 volmgrx - ok
13:56:59.0863 2444 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:56:59.0878 2444 volsnap - ok
13:56:59.0894 2444 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
13:56:59.0909 2444 vpcbus - ok
13:56:59.0925 2444 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:56:59.0941 2444 vpcnfltr - ok
13:56:59.0956 2444 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
13:56:59.0987 2444 vpcusb - ok
13:57:00.0003 2444 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys
13:57:00.0034 2444 vpcvmm - ok
13:57:00.0050 2444 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:57:00.0081 2444 vsmraid - ok
13:57:00.0128 2444 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:57:00.0206 2444 VSS - ok
13:57:00.0268 2444 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
13:57:00.0315 2444 vwifibus - ok
13:57:00.0331 2444 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:57:00.0362 2444 W32Time - ok
13:57:00.0377 2444 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:57:00.0393 2444 WacomPen - ok
13:57:00.0409 2444 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:00.0440 2444 WANARP - ok
13:57:00.0440 2444 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:57:00.0471 2444 Wanarpv6 - ok
13:57:00.0518 2444 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:57:00.0580 2444 WatAdminSvc - ok
13:57:00.0627 2444 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:57:00.0689 2444 wbengine - ok
13:57:00.0721 2444 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:57:00.0736 2444 WbioSrvc - ok
13:57:00.0752 2444 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:57:00.0799 2444 wcncsvc - ok
13:57:00.0814 2444 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:57:00.0814 2444 WcsPlugInService - ok
13:57:00.0845 2444 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:57:00.0861 2444 Wd - ok
13:57:00.0877 2444 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:57:00.0908 2444 Wdf01000 - ok
13:57:00.0923 2444 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:00.0939 2444 WdiServiceHost - ok
13:57:00.0939 2444 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:57:00.0955 2444 WdiSystemHost - ok
13:57:00.0970 2444 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:57:00.0986 2444 WebClient - ok
13:57:01.0001 2444 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:57:01.0033 2444 Wecsvc - ok
13:57:01.0048 2444 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:57:01.0064 2444 wercplsupport - ok
13:57:01.0079 2444 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:57:01.0111 2444 WerSvc - ok
13:57:01.0142 2444 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:57:01.0173 2444 WfpLwf - ok
13:57:01.0204 2444 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:57:01.0220 2444 WimFltr - ok
13:57:01.0235 2444 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:57:01.0251 2444 WIMMount - ok
13:57:01.0282 2444 WinDefend - ok
13:57:01.0282 2444 WinHttpAutoProxySvc - ok
13:57:01.0313 2444 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:57:01.0360 2444 Winmgmt - ok
13:57:01.0423 2444 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:57:01.0485 2444 WinRM - ok
13:57:01.0563 2444 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:57:01.0594 2444 Wlansvc - ok
13:57:01.0610 2444 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:57:01.0625 2444 wlcrasvc - ok
13:57:01.0735 2444 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:57:01.0766 2444 wlidsvc - ok
13:57:01.0844 2444 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:57:01.0859 2444 WmiAcpi - ok
13:57:01.0891 2444 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:57:01.0906 2444 wmiApSrv - ok
13:57:01.0937 2444 WMPNetworkSvc - ok
13:57:01.0953 2444 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:57:01.0969 2444 WPCSvc - ok
13:57:01.0984 2444 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:57:01.0984 2444 WPDBusEnum - ok
13:57:02.0000 2444 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:57:02.0015 2444 ws2ifsl - ok
13:57:02.0031 2444 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:57:02.0062 2444 wscsvc - ok
13:57:02.0062 2444 WSearch - ok
13:57:02.0140 2444 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:57:02.0203 2444 wuauserv - ok
13:57:02.0265 2444 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:57:02.0327 2444 WudfPf - ok
13:57:02.0327 2444 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:57:02.0359 2444 WUDFRd - ok
13:57:02.0390 2444 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:57:02.0421 2444 wudfsvc - ok
13:57:02.0437 2444 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:57:02.0452 2444 WwanSvc - ok
13:57:02.0468 2444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:57:02.0593 2444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:57:02.0593 2444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:57:02.0593 2444 Boot (0x1200) (07f0ea99f308de005323e00516ac7499) \Device\Harddisk0\DR0\Partition0
13:57:02.0593 2444 \Device\Harddisk0\DR0\Partition0 - ok
13:57:02.0624 2444 Boot (0x1200) (c18cdcf24848af75d8ec601f10d3843c) \Device\Harddisk0\DR0\Partition1
13:57:02.0624 2444 \Device\Harddisk0\DR0\Partition1 - ok
13:57:02.0624 2444 ============================================================
13:57:02.0624 2444 Scan finished
13:57:02.0624 2444 ============================================================
13:57:02.0639 7836 Detected object count: 2
13:57:02.0639 7836 Actual detected object count: 2
13:57:19.0191 7836 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:19.0191 7836 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:57:19.0191 7836 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:57:19.0191 7836 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

--------------------------------------------------------------------------------------------

aswMBR.txt

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-08 13:59:47
-----------------------------
13:59:47.766 OS Version: Windows x64 6.1.7601 Service Pack 1
13:59:47.766 Number of processors: 8 586 0x2A07
13:59:47.766 ComputerName: ROB UserName:
13:59:52.446 Initialize success
14:00:35.283 AVAST engine defs: 12050800
14:00:57.654 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:00:57.654 Disk 0 Vendor: ST310005 JC4A Size: 953869MB BusType: 3
14:00:57.669 Disk 0 MBR read successfully
14:00:57.685 Disk 0 MBR scan
14:00:57.685 Disk 0 Windows 7 default MBR code
14:00:57.701 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 39 MB offset 63
14:00:57.716 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 17116 MB offset 81920
14:00:57.732 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936712 MB offset 35135488
14:00:57.779 Disk 0 scanning C:\Windows\system32\drivers
14:01:08.106 Service scanning
14:01:25.718 Modules scanning
14:01:25.718 Disk 0 trace - called modules:
14:01:25.734 ntoskrnl.exe CLASSPNP.SYS disk.sys Sahdad64.sys iaStor.sys hal.dll
14:01:26.249 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009c99790]
14:01:26.249 3 CLASSPNP.SYS[fffff88001db443f] -> nt!IofCallDriver -> [0xfffffa8009b99a20]
14:01:26.249 5 Sahdad64.sys[fffff88001d3fe25] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800747e050]
14:01:32.255 AVAST engine scan C:\
14:36:50.848 File: C:\Qoobox\Quarantine\C\Users\Xps8300\AppData\Local\ATI\Adobe\qrnoxrx.dll.vir **INFECTED** Win32:Malware-gen
15:19:03.266 Scan finished successfully
15:20:34.913 Disk 0 MBR has been saved successfully to "C:\Users\Xps8300\Desktop\MBR.dat"
15:20:34.945 The log file has been saved successfully to "C:\Users\Xps8300\Desktop\aswMBR.txt"


#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:52 AM

Posted 08 May 2012 - 02:45 PM

i am having trouble with the OTL.txt file, it is too long for my message and too large to attach. how can i get it to you?




Hi,


Right click OTL.txt and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
Could you please zip and upload the following files (if they are still there):

C:\Users\Xps8300\Appdata\Local\Temp\av425CC.tmp
C:\Users\Xps8300\Appdata\Local\ATI\Adobe\szwtdkl.dll


Here => http://www.bleepingcomputer.com/submit-malware.php?channel=122 too?



Thank you!



Regards,
Georgi



#7 jet222

jet222
  • Topic Starter


Posted 08 May 2012 - 02:49 PM

OTL.txt file attached.

The 2 other files you asked for are no longer there; is that OK?

Attached Files

  • Attached File  OTL.zip   67.55KB   5 downloads


#8 B-boy/StyLe/


Posted 08 May 2012 - 03:31 PM

Hi,



Not a problem.
Give me a few minutes to analyze the logs and I will get back to you.



Regards,
Georgi



#9 B-boy/StyLe/


Posted 08 May 2012 - 05:42 PM

Hello,



STEP 1



Re-run TDSSKiller and, if this item appears, select Delete:

11:30:25.0339 6020 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:30:25.0339 6020 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip






STEP 2



Run Scan with Malwarebytes



Please download Malwarebytes Anti-Malware 1.61.0.1400 Final and save it to your desktop.
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you.
Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





STEP 3



I'd like us to scan your machine with ESET OnlineScan


  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Run ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


Regards,
Georgi
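
One way to check a TDSSKiller log for detections that were left in place, which is what Step 1 above is about (an added example, not part of the original posts and not code from TDSSKiller). It pairs each `( verdict )` line with the recorded `User select action`. FIRST_RUN copies lines from the log posted earlier in this thread; RERUN is constructed, and its `Delete` action value is an assumption based on the button the helper names.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Every TDSSKiller log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<body>.*)$")
# Verdict lines look like "<object> ( <verdict> ) - <status>". The spaces
# inside the parentheses tell them apart from "(md5)" and "(0x1B8)" fields.
VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<verdict>[^()]+?) \) - (?P<status>.+)$")
ACTION = re.compile(r"^User select action: (?P<action>\w+)$")
COUNT = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str
    verdict: str
    action: Optional[str] = None  # None: the log records no user decision


def parse_tdsskiller(log_text):
    """Return (detections, declared_count) for one TDSSKiller run."""
    found = {}
    declared = None
    for raw in log_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        c = COUNT.match(body)
        if c:
            declared = int(c.group("n"))
            continue
        v = VERDICT.match(body)
        if not v:
            continue  # "- ok" lines, hash lines and separators carry no verdict
        key = (v.group("obj"), v.group("verdict"))
        det = found.setdefault(key, Detection(*key))
        a = ACTION.match(v.group("status"))
        if a:
            det.action = a.group("action")
    return list(found.values()), declared


def unremediated(detections):
    """Detections the user skipped or never acted on."""
    return [d for d in detections if d.action in (None, "Skip")]


# Lines copied from the first TDSSKiller log in this thread.
FIRST_RUN = r"""
13:57:02.0468 2444 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:57:02.0593 2444 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:57:02.0593 2444 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:57:02.0593 2444 \Device\Harddisk0\DR0\Partition0 - ok
13:57:02.0639 7836 Detected object count: 2
13:57:02.0639 7836 Actual detected object count: 2
13:57:19.0191 7836 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
13:57:19.0191 7836 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:57:19.0191 7836 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:57:19.0191 7836 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Constructed re-run: timestamps, thread ids and the "Delete" value are assumed.
RERUN = r"""
08:45:00.0000 3316 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:45:00.0100 5000 Detected object count: 2
08:45:10.0000 5000 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:45:10.0000 5000 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
"""

if __name__ == "__main__":
    for name, text in (("first run", FIRST_RUN), ("re-run", RERUN)):
        dets, declared = parse_tdsskiller(text)
        if declared is not None and declared != len(dets):
            print(f"{name}: log declares {declared} objects, parsed {len(dets)}")
        for d in unremediated(dets):
            print(f"{name}: still present -> {d.obj} [{d.verdict}] action={d.action}")
```
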



#10 jet222

jet222
  • Topic Starter


Posted 09 May 2012 - 08:43 AM

OK

I ran TDSSKiller again as requested and deleted the files you asked for. When that happened, my AV found some infected files; I am assuming it is all related. I am attaching a screenshot of what my AV found, as well as the new TDSSKiller log.

-----------------------------------------------------------------------------

TDSSkiller log

08:42:55.0512 4192 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
08:42:55.0886 4192 ============================================================
08:42:55.0886 4192 Current date / time: 2012/05/09 08:42:55.0886
08:42:55.0886 4192 SystemInfo:
08:42:55.0886 4192
08:42:55.0886 4192 OS Version: 6.1.7601 ServicePack: 1.0
08:42:55.0886 4192 Product type: Workstation
08:42:55.0886 4192 ComputerName: ROB
08:42:55.0886 4192 UserName: Xps8300
08:42:55.0886 4192 Windows directory: C:\Windows
08:42:55.0886 4192 System windows directory: C:\Windows
08:42:55.0886 4192 Running under WOW64
08:42:55.0886 4192 Processor architecture: Intel x64
08:42:55.0886 4192 Number of processors: 8
08:42:55.0886 4192 Page size: 0x1000
08:42:55.0886 4192 Boot type: Normal boot
08:42:55.0886 4192 ============================================================
08:42:56.0229 4192 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:42:56.0260 4192 ============================================================
08:42:56.0260 4192 \Device\Harddisk0\DR0:
08:42:56.0260 4192 MBR partitions:
08:42:56.0260 4192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x216E000
08:42:56.0260 4192 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2182000, BlocksNum 0x72584000
08:42:56.0260 4192 ============================================================
08:42:56.0276 4192 C: <-> \Device\Harddisk0\DR0\Partition1
08:42:56.0276 4192 ============================================================
08:42:56.0276 4192 Initialize success
08:42:56.0276 4192 ============================================================
08:43:10.0207 3316 ============================================================
08:43:10.0207 3316 Scan started
08:43:10.0207 3316 Mode: Manual; SigCheck; TDLFS;
08:43:10.0207 3316 ============================================================
08:43:15.0734 3316 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
08:43:15.0765 3316 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
08:43:15.0765 3316 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
08:43:24.0766 3316 Power - ok
08:43:24.0813 3316 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:43:24.0860 3316 PptpMiniport - ok
08:43:24.0876 3316 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:43:24.0891 3316 Processor - ok
08:43:24.0922 3316 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
08:43:24.0954 3316 ProfSvc - ok
08:43:24.0969 3316 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:24.0985 3316 ProtectedStorage - ok
08:43:24.0985 3316 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:43:25.0016 3316 Psched - ok
08:43:25.0047 3316 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:43:25.0063 3316 PxHlpa64 - ok
08:43:25.0094 3316 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:43:25.0156 3316 ql2300 - ok
08:43:25.0234 3316 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:43:25.0250 3316 ql40xx - ok
08:43:25.0266 3316 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:43:25.0281 3316 QWAVE - ok
08:43:25.0297 3316 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:43:25.0312 3316 QWAVEdrv - ok
08:43:25.0328 3316 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:43:25.0359 3316 RasAcd - ok
08:43:25.0390 3316 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:43:25.0422 3316 RasAgileVpn - ok
08:43:25.0437 3316 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:43:25.0468 3316 RasAuto - ok
08:43:25.0484 3316 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:43:25.0531 3316 Rasl2tp - ok
08:43:25.0562 3316 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:43:25.0609 3316 RasMan - ok
08:43:25.0624 3316 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:43:25.0656 3316 RasPppoe - ok
08:43:25.0671 3316 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:43:25.0702 3316 RasSstp - ok
08:43:25.0718 3316 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:43:25.0749 3316 rdbss - ok
08:43:25.0749 3316 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
08:43:25.0765 3316 rdpbus - ok
08:43:25.0765 3316 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:43:25.0796 3316 RDPCDD - ok
08:43:25.0812 3316 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
08:43:25.0827 3316 RDPDR - ok
08:43:25.0843 3316 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:43:25.0890 3316 RDPENCDD - ok
08:43:25.0905 3316 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:43:25.0921 3316 RDPREFMP - ok
08:43:25.0952 3316 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
08:43:25.0983 3316 RDPWD - ok
08:43:25.0999 3316 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:43:26.0030 3316 rdyboost - ok
08:43:26.0046 3316 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:43:26.0092 3316 RemoteAccess - ok
08:43:26.0108 3316 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:43:26.0155 3316 RemoteRegistry - ok
08:43:26.0280 3316 RoxMediaDB13 (053a0d66b1982d93a20062e4da40b29b) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe
08:43:26.0311 3316 RoxMediaDB13 - ok
08:43:26.0342 3316 RoxWatch12 (495c85b15470374a9499451893742ee6) C:\Program Files (x86)\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe
08:43:26.0358 3316 RoxWatch12 - ok
08:43:26.0436 3316 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:43:26.0482 3316 RpcEptMapper - ok
08:43:26.0498 3316 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:43:26.0514 3316 RpcLocator - ok
08:43:26.0529 3316 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:43:26.0576 3316 RpcSs - ok
08:43:26.0607 3316 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:43:26.0638 3316 rspndr - ok
08:43:26.0654 3316 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
08:43:26.0654 3316 s3cap - ok
08:43:26.0670 3316 Sahdad64 (27db9153d259d632d15483deeab799ed) C:\Windows\system32\Drivers\Sahdad64.sys
08:43:26.0685 3316 Sahdad64 - ok
08:43:26.0685 3316 Saibad64 (f77849d909b90bcacfcf7295aecf299b) C:\Windows\system32\Drivers\Saibad64.sys
08:43:26.0701 3316 Saibad64 - ok
08:43:26.0701 3316 SaibVdAd64 (704d415290a568f68de20942dac23f7e) C:\Windows\system32\Drivers\SaibVdAd64.sys
08:43:26.0716 3316 SaibVdAd64 - ok
08:43:26.0732 3316 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:26.0748 3316 SamSs - ok
08:43:26.0748 3316 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:43:26.0763 3316 sbp2port - ok
08:43:26.0779 3316 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:43:26.0810 3316 SCardSvr - ok
08:43:26.0810 3316 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:43:26.0841 3316 scfilter - ok
08:43:26.0872 3316 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:43:26.0935 3316 Schedule - ok
08:43:26.0950 3316 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:43:26.0997 3316 SCPolicySvc - ok
08:43:27.0028 3316 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:43:27.0060 3316 SDRSVC - ok
08:43:27.0075 3316 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:43:27.0122 3316 secdrv - ok
08:43:27.0138 3316 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:43:27.0153 3316 seclogon - ok
08:43:27.0184 3316 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
08:43:27.0216 3316 SENS - ok
08:43:27.0216 3316 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:43:27.0247 3316 SensrSvc - ok
08:43:27.0278 3316 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:43:27.0309 3316 Serenum - ok
08:43:27.0325 3316 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:43:27.0340 3316 Serial - ok
08:43:27.0372 3316 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:43:27.0403 3316 sermouse - ok
08:43:27.0434 3316 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:43:27.0481 3316 SessionEnv - ok
08:43:27.0496 3316 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:43:27.0496 3316 sffdisk - ok
08:43:27.0512 3316 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:43:27.0528 3316 sffp_mmc - ok
08:43:27.0528 3316 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:43:27.0543 3316 sffp_sd - ok
08:43:27.0543 3316 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:43:27.0559 3316 sfloppy - ok
08:43:27.0684 3316 SftService (421c30c8e686dc41e64881269982b382) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
08:43:27.0762 3316 SftService - ok
08:43:27.0840 3316 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:43:27.0871 3316 SharedAccess - ok
08:43:27.0902 3316 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:43:27.0918 3316 ShellHWDetection - ok
08:43:27.0949 3316 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:43:27.0949 3316 SiSRaid2 - ok
08:43:27.0964 3316 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:43:27.0980 3316 SiSRaid4 - ok
08:43:28.0011 3316 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:43:28.0042 3316 Smb - ok
08:43:28.0058 3316 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:43:28.0074 3316 SNMPTRAP - ok
08:43:28.0089 3316 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:43:28.0089 3316 spldr - ok
08:43:28.0120 3316 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:43:28.0152 3316 Spooler - ok
08:43:28.0245 3316 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:43:28.0339 3316 sppsvc - ok
08:43:28.0386 3316 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:43:28.0432 3316 sppuinotify - ok
08:43:28.0448 3316 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:43:28.0495 3316 srv - ok
08:43:28.0510 3316 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:43:28.0542 3316 srv2 - ok
08:43:28.0557 3316 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:43:28.0573 3316 srvnet - ok
08:43:28.0588 3316 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:43:28.0635 3316 SSDPSRV - ok
08:43:28.0651 3316 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:43:28.0666 3316 SstpSvc - ok
08:43:28.0682 3316 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:43:28.0682 3316 stexstor - ok
08:43:28.0713 3316 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:43:28.0744 3316 stisvc - ok
08:43:28.0760 3316 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
08:43:28.0776 3316 StorSvc - ok
08:43:28.0791 3316 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
08:43:28.0807 3316 storvsc - ok
08:43:28.0807 3316 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
08:43:28.0822 3316 swenum - ok
08:43:28.0838 3316 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:43:28.0885 3316 swprv - ok
08:43:28.0900 3316 SynthVid (4cdd7df58730d23ba9cb5829a6e2ecea) C:\Windows\system32\DRIVERS\VMBusVideoM.sys
08:43:28.0916 3316 SynthVid - ok
08:43:28.0963 3316 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:43:29.0025 3316 SysMain - ok
08:43:29.0072 3316 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:43:29.0103 3316 TabletInputService - ok
08:43:29.0119 3316 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:43:29.0150 3316 TapiSrv - ok
08:43:29.0166 3316 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:43:29.0181 3316 TBS - ok
08:43:29.0244 3316 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
08:43:29.0275 3316 Tcpip - ok
08:43:29.0368 3316 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
08:43:29.0400 3316 TCPIP6 - ok
08:43:29.0446 3316 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:43:29.0493 3316 tcpipreg - ok
08:43:29.0509 3316 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:43:29.0509 3316 TDPIPE - ok
08:43:29.0540 3316 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:43:29.0540 3316 TDTCP - ok
08:43:29.0556 3316 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:43:29.0602 3316 tdx - ok
08:43:29.0618 3316 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
08:43:29.0634 3316 TermDD - ok
08:43:29.0649 3316 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:43:29.0680 3316 TermService - ok
08:43:29.0696 3316 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:43:29.0712 3316 Themes - ok
08:43:29.0743 3316 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:43:29.0758 3316 THREADORDER - ok
08:43:29.0790 3316 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys
08:43:29.0805 3316 tmactmon - ok
08:43:29.0836 3316 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys
08:43:29.0852 3316 tmcomm - ok
08:43:29.0852 3316 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys
08:43:29.0868 3316 tmeevw - ok
08:43:29.0868 3316 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys
08:43:29.0883 3316 tmevtmgr - ok
08:43:29.0899 3316 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys
08:43:29.0899 3316 tmnciesc - ok
08:43:29.0914 3316 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys
08:43:29.0930 3316 tmtdi - ok
08:43:29.0946 3316 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:43:29.0992 3316 TrkWks - ok
08:43:30.0039 3316 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:43:30.0070 3316 TrustedInstaller - ok
08:43:30.0086 3316 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:43:30.0102 3316 tssecsrv - ok
08:43:30.0117 3316 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:43:30.0133 3316 TsUsbFlt - ok
08:43:30.0133 3316 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:43:30.0148 3316 TsUsbGD - ok
08:43:30.0180 3316 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:43:30.0211 3316 tunnel - ok
08:43:30.0226 3316 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:43:30.0226 3316 uagp35 - ok
08:43:30.0258 3316 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:43:30.0304 3316 udfs - ok
08:43:30.0320 3316 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:43:30.0336 3316 UI0Detect - ok
08:43:30.0351 3316 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:43:30.0367 3316 uliagpkx - ok
08:43:30.0382 3316 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:43:30.0398 3316 umbus - ok
08:43:30.0414 3316 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:43:30.0429 3316 UmPass - ok
08:43:30.0460 3316 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
08:43:30.0476 3316 UmRdpService - ok
08:43:30.0507 3316 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:43:30.0538 3316 upnphost - ok
08:43:30.0554 3316 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
08:43:30.0585 3316 usbccgp - ok
08:43:30.0601 3316 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:43:30.0616 3316 usbcir - ok
08:43:30.0632 3316 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
08:43:30.0648 3316 usbehci - ok
08:43:30.0663 3316 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
08:43:30.0694 3316 usbhub - ok
08:43:30.0694 3316 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:43:30.0726 3316 usbohci - ok
08:43:30.0726 3316 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:43:30.0757 3316 usbprint - ok
08:43:30.0772 3316 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:43:30.0804 3316 USBSTOR - ok
08:43:30.0819 3316 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:43:30.0819 3316 usbuhci - ok
08:43:30.0835 3316 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:43:30.0850 3316 UxSms - ok
08:43:30.0866 3316 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:43:30.0882 3316 VaultSvc - ok
08:43:30.0897 3316 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:43:30.0897 3316 vdrvroot - ok
08:43:30.0928 3316 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:43:30.0960 3316 vds - ok
08:43:30.0960 3316 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:43:30.0975 3316 vga - ok
08:43:30.0991 3316 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:43:31.0022 3316 VgaSave - ok
08:43:31.0038 3316 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:43:31.0053 3316 vhdmp - ok
08:43:31.0053 3316 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:43:31.0053 3316 viaide - ok
08:43:31.0069 3316 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
08:43:31.0069 3316 VMBusHID - ok
08:43:31.0131 3316 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:43:31.0147 3316 volmgr - ok
08:43:31.0162 3316 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:43:31.0194 3316 volmgrx - ok
08:43:31.0194 3316 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:43:31.0225 3316 volsnap - ok
08:43:31.0240 3316 vpcbus (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
08:43:31.0240 3316 vpcbus - ok
08:43:31.0256 3316 vpcnfltr (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
08:43:31.0272 3316 vpcnfltr - ok
08:43:31.0272 3316 vpcusb (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
08:43:31.0287 3316 vpcusb - ok
08:43:31.0303 3316 vpcvmm (30d4243726a15a14f5c5e45898d14394) C:\Windows\system32\drivers\vpcvmm.sys
08:43:31.0318 3316 vpcvmm - ok
08:43:31.0350 3316 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:43:31.0365 3316 vsmraid - ok
08:43:31.0396 3316 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:43:31.0506 3316 VSS - ok
08:43:31.0568 3316 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
08:43:31.0599 3316 vwifibus - ok
08:43:31.0630 3316 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:43:31.0677 3316 W32Time - ok
08:43:31.0677 3316 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:43:31.0693 3316 WacomPen - ok
08:43:31.0708 3316 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:43:31.0740 3316 WANARP - ok
08:43:31.0740 3316 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:43:31.0771 3316 Wanarpv6 - ok
08:43:31.0818 3316 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
08:43:31.0864 3316 WatAdminSvc - ok
08:43:31.0911 3316 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:43:31.0942 3316 wbengine - ok
08:43:31.0989 3316 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:43:32.0020 3316 WbioSrvc - ok
08:43:32.0052 3316 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:43:32.0067 3316 wcncsvc - ok
08:43:32.0067 3316 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:43:32.0083 3316 WcsPlugInService - ok
08:43:32.0098 3316 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:43:32.0114 3316 Wd - ok
08:43:32.0130 3316 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:43:32.0161 3316 Wdf01000 - ok
08:43:32.0192 3316 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:43:32.0223 3316 WdiServiceHost - ok
08:43:32.0223 3316 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:43:32.0239 3316 WdiSystemHost - ok
08:43:32.0270 3316 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:43:32.0286 3316 WebClient - ok
08:43:32.0301 3316 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:43:32.0332 3316 Wecsvc - ok
08:43:32.0332 3316 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:43:32.0395 3316 wercplsupport - ok
08:43:32.0410 3316 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:43:32.0426 3316 WerSvc - ok
08:43:32.0457 3316 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:43:32.0488 3316 WfpLwf - ok
08:43:32.0520 3316 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
08:43:32.0535 3316 WimFltr - ok
08:43:32.0551 3316 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:43:32.0566 3316 WIMMount - ok
08:43:32.0598 3316 WinDefend - ok
08:43:32.0598 3316 WinHttpAutoProxySvc - ok
08:43:32.0644 3316 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:43:32.0691 3316 Winmgmt - ok
08:43:32.0738 3316 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:43:32.0816 3316 WinRM - ok
08:43:32.0894 3316 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:43:32.0910 3316 Wlansvc - ok
08:43:32.0941 3316 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:43:32.0941 3316 wlcrasvc - ok
08:43:33.0066 3316 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:43:33.0112 3316 wlidsvc - ok
08:43:33.0175 3316 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:43:33.0190 3316 WmiAcpi - ok
08:43:33.0222 3316 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:43:33.0253 3316 wmiApSrv - ok
08:43:33.0268 3316 WMPNetworkSvc - ok
08:43:33.0300 3316 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:43:33.0315 3316 WPCSvc - ok
08:43:33.0331 3316 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:43:33.0362 3316 WPDBusEnum - ok
08:43:33.0362 3316 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:43:33.0393 3316 ws2ifsl - ok
08:43:33.0409 3316 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
08:43:33.0440 3316 wscsvc - ok
08:43:33.0440 3316 WSearch - ok
08:43:33.0502 3316 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
08:43:33.0596 3316 wuauserv - ok
08:43:33.0643 3316 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:43:33.0690 3316 WudfPf - ok
08:43:33.0690 3316 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:43:33.0721 3316 WUDFRd - ok
08:43:33.0736 3316 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:43:33.0752 3316 wudfsvc - ok
08:43:33.0768 3316 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:43:33.0783 3316 WwanSvc - ok
08:43:33.0799 3316 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:43:33.0924 3316 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
08:43:33.0924 3316 \Device\Harddisk0\DR0 - detected TDSS File System (1)
08:43:33.0924 3316 Boot (0x1200) (07f0ea99f308de005323e00516ac7499) \Device\Harddisk0\DR0\Partition0
08:43:33.0924 3316 \Device\Harddisk0\DR0\Partition0 - ok
08:43:33.0955 3316 Boot (0x1200) (c18cdcf24848af75d8ec601f10d3843c) \Device\Harddisk0\DR0\Partition1
08:43:33.0955 3316 \Device\Harddisk0\DR0\Partition1 - ok
08:43:33.0955 3316 ============================================================
08:43:33.0955 3316 Scan finished
08:43:33.0955 3316 ============================================================
08:43:33.0955 8712 Detected object count: 2
08:43:33.0955 8712 Actual detected object count: 2
08:43:52.0581 8712 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
08:43:52.0581 8712 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:43:52.0613 8712 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
08:43:57.0152 8712 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
08:43:57.0495 8712 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
08:44:00.0803 8712 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
08:44:03.0891 8712 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
08:44:03.0907 8712 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
08:44:06.0824 8712 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
08:44:06.0824 8712 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
08:44:06.0824 8712 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
08:44:06.0840 8712 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
08:44:10.0100 8712 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
08:44:13.0080 8712 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
08:44:13.0095 8712 \Device\Harddisk0\DR0\TDLFS - deleted
08:44:13.0095 8712 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
08:54:11.0376 4940 Deinitialize success

----------------------------------------------------------------------------------------

Mbam Log

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Xps8300 :: ROB [administrator]

5/9/2012 8:57:12 AM
mbam-log-2012-05-09 (08-57-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205359
Time elapsed: 1 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

--------------------------------------------------------------------------------

ESET Scan log

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application
C:\TDSSKiller_Quarantine\09.05.2012_08.42.55\tdlfs0000\tsk0000.dta Win64/Olmarik.AD trojan
C:\TDSSKiller_Quarantine\09.05.2012_08.42.55\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KQ trojan

#11 jet222


Posted 09 May 2012 - 08:45 AM

sorry, here is the screenshot of what my AV found




#12 B-boy/StyLe/

  • Malware Response Team

Posted 10 May 2012 - 07:47 AM

Hello jet222,



Your logs look good to me.
The files detected by ESET and your TrendMicro are in the quarantine folders of the tools we have been using.
They will be gone once we do our final cleanups.

I'll get back to you later today since I should go to work. Stay tuned.



Regards,
Georgi



#13 B-boy/StyLe/

  • Malware Response Team

Posted 11 May 2012 - 07:12 AM

Hello,



Nicely done!
I have some final words for you.
All Clean!
Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.





STEP 1 UPDATING TASKS



Upgrading Java:



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME.


  • Download the latest version of Java SE 6 Update 32.
  • Click the Java SE 6 Update 32 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u32-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java => (Java™ 6 Update 30)
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-6u32-windows-i586.exe and select "Run as an Administrator.")


Repeat the steps above and download and install - Java SE 7 Update 4 (remove => Java™ 7 Update 1 via Control Panel).



I suggest you download and install the latest version of Skype as well. => Skype 5.9.0.115 Final


  • It is possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
  • Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
  • You can check these by visiting Secunia Software Inspector, or you can use the following application for this purpose: PatchMyPC

Posted Image



Visit Microsoft's Windows Update Site Frequently



  • It is important that you visit Windows Update regularly.
  • This will ensure your computer always has the latest security updates available installed on your computer.
  • If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.





STEP 2 CLEANUP



1. Uninstall Combofix - The following will implement some cleanup procedures as well as reset System Restore points:


  • Right-click on the Windows "Start" button.
  • Click "Properties."
  • Click "Customize" on the "Taskbar and Start Menu Properties" screen.
  • Place a check mark next to "Run" command on the list of options.
  • Click "OK."
  • Click the Windows logo to open the Start menu. The "Run" command is now present and can be clicked to open a "Run" dialog.
  • Copy/paste the following text into the Run box and click OK => ComboFix /Uninstall and hit Enter.





2. To remove all of the tools we used and the files and folders they created, please do the following:



  • Please reopen OTL on your desktop.
  • In the upper right click CleanUp
  • This will delete OTL and will clean up after it.


Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


You can uninstall - ESET Online Scanner v3.





STEP 3 SECURITY ADVICE



Change all your passwords !



For peace of mind, I would however advise you that all your passwords be changed!! (just in case).





Keep your antivirus software turned on and up-to-date



  • Make sure your antivirus software is turned on and up-to-date.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
  • Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Note: Go ahead and empty TrendMicro's Quarantine folder.
  • By the way, you should scan your computer with an antimalware program (like Malwarebytes' Anti-Malware) on a regular basis just as you would an antivirus software.




Practice Safe Internet



One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below is a list of simple precautions to take to keep your computer clean and running securely:


  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with malware that is trying to infect everyone in their address book.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
    Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  • Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  • Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus has a Web Guard.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.




Create an image of your system








Optimize Windows 7 for better performance



Check the following link for more info:
http://windows.microsoft.com/en-us/windows7/Optimize-Windows-7-for-better-performance



I would definitely recommend that you check your hard drives for errors.



5/8/2012 9:21:18 AM, Error: Disk [11]  - The driver detected a controller error on \...\DR7.
5/8/2012 8:52:09 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR5.
5/3/2012 4:37:15 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR10.
5/2/2012 8:28:03 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk5\DR8.



Run CHKDSK to check for disk errors


  • Click Start => go to RUN and type in cmd and then hit Enter.
  • At the command prompt, type the following command chkdsk c: /x /f /r and then press Enter.
  • If you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK may be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
  • At the command prompt, type exit and then press Enter.
  • Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
    This process can take up to an hour!
  • When all is done and you are back into normal mode click Start => Run and type in eventvwr.msc and then hit Enter.
  • Once Event Viewer is open, select Windows logs => Application => The 3rd column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
  • Scroll through the Source column to find the most recent entry titled WinInit and id of 1001.
  • Double-click WinInit to view the CHKDSK results.
  • Repeat the steps for all drives in your PC.

    chkdsk c: /x /f /r
    chkdsk d: /x /f /r
    chkdsk e: /x /f /r

    etc.



Follow this list and your potential for being infected again will reduce dramatically.



Safe Surfing ! ;)



Regards,
Georgi
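
The Event Viewer lookups described in the post above (the WinInit entry with id 1001 holding the CHKDSK results, and the Disk [11] controller errors) can also be read from an elevated PowerShell prompt. This is an added example, not part of the original post; the function names Get-ChkdskReport and Get-DiskControllerError are hypothetical, and the 30-day window is an assumption.

```powershell
# Added example: read CHKDSK results and disk controller errors from the event logs.
# Run from an elevated PowerShell prompt on Windows 7 or later.

function Get-ChkdskReport {
    param([int]$Newest = 5)
    # Boot-time CHKDSK runs are written to the Application log by the
    # Wininit source with event ID 1001 (the entry the post looks up by hand).
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1001 } -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -match 'Wininit' } |
        Select-Object -First $Newest TimeCreated, Message
}

function Get-DiskControllerError {
    param([int]$Days = 30)   # assumed look-back window
    # Event ID 11 from the disk driver in the System log is
    # "The driver detected a controller error on <device>."
    $filter = @{ LogName = 'System'; Id = 11; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.ProviderName -eq 'disk' } |
        # Group by the device path at the end of the message so a single
        # failing disk or card reader stands out from one-off errors.
        Group-Object { ($_.Message -split ' on ')[-1].TrimEnd('.') } |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Show the most recent CHKDSK reports in full, then the error count per device.
Get-ChkdskReport | Format-List
Get-DiskControllerError | Format-Table -AutoSize
```

If the controller errors keep appearing for the same device after CHKDSK completes cleanly, the grouped counts make it easier to tell which drive the entries belong to.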



#14 jet222

jet222
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 13 May 2012 - 01:59 PM

i am out of town at the moment, i will be returning on monday evening, please keep my topic open until i have had a chance to do these last steps in case i have any questions, thanks

#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:52 AM

Posted 13 May 2012 - 09:55 PM

Hi,



Not a problem and thanks for letting me know. :)



Regards,
Georgi





