Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

GAC_32\Desktop.ini (Trojan.Generic.7552386 (Engine A)) Windows 7


  • This topic is locked This topic is locked
18 replies to this topic

#1 Dawny123

Dawny123

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 10 August 2012 - 01:10 PM

HitmanPro 3.6.1 (Build 163 64-bit) is showing Trojan in:

c:\Windows\assembly\GAC_32Desktop.ini
Trojan.Generic.7552386 (Engine A) Backdoor.Maxplus.6342 Trojan.Win32Sirefef!IK

and..

c:\windows\system32\services.exe as suspicious

Hitman tries to delete the file on reboot but it is not working as when I run the scan again it says the file is still infected.

I have tried various removal tools, Hitman, Spybot, McAfee (Stinger) but they are not working and I am at a loss as to what to try next.

McAfee finds ZeroAccess in the following:
c:\Windows\assembly\GAC_32Desktop.ini
c:\Windows\assembly\GAC_64Desktop.ini

Kind regards.


Logs follow:

DDS:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Craig at 18:31:23 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1320 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\HidFind.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Craig\Downloads\HitmanPro36_x64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bt.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628222547.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://my.ppg.eu/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0628CE13-01A6-4E74-9F13-5D0F3C31E166} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0628CE13-01A6-4E74-9F13-5D0F3C31E166}\244584572633D28473A5A5 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{A4365F48-8542-4291-894B-6226D265DD4E} : DhcpNameServer = 192.168.1.254 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628222547.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-16 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-16 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-16 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-7-10 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-7-10 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 hitmanpro36;HitmanPro 3.6 Support Driver;\??\C:\Windows\system32\drivers\hitmanpro36.sys --> C:\Windows\system32\drivers\hitmanpro36.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-7 135664]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-12-16 249936]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-7 135664]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-10 16:44:13 30496 ----a-w- C:\Windows\System32\drivers\hitmanpro36.sys
2012-08-10 16:05:51 -------- d-----w- C:\ProgramData\HitmanPro
2012-08-10 15:59:41 16200 ----a-w- C:\Windows\stinger.sys
2012-08-10 15:59:17 -------- d-----w- C:\Program Files (x86)\stinger
2012-08-10 15:34:43 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-10 14:26:12 -------- d-----w- C:\Users\Craig\AppData\Roaming\Simply Super Software
2012-08-10 14:26:07 -------- d-----w- C:\ProgramData\Simply Super Software
2012-08-10 14:26:07 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-08-10 13:54:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-10 13:54:27 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-10 12:19:56 61440 ----a-w- C:\ProgramData\bclrpkyc.exe
2012-08-10 12:19:56 -------- d-----w- C:\ProgramData\kpbpbvqkgdkauxe
2012-08-10 12:19:48 61440 ----a-w- C:\Users\Craig\0.8397469430571424.exe
2012-08-09 21:44:23 -------- d-----w- C:\Users\Craig\AppData\Roaming\Hon
2012-08-09 21:43:47 -------- d-----w- C:\Users\Craig\AppData\Roaming\Ywrepi
2012-08-09 21:43:47 -------- d-----w- C:\Users\Craig\AppData\Roaming\Uwryna
2012-08-09 21:43:47 -------- d-----w- C:\Users\Craig\AppData\Roaming\Tyir
2012-08-07 18:22:56 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9574FCF6-7061-439A-88F4-128E6B167361}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-03 18:30:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 18:30:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-05 21:06:30 772544 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-05 21:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 11:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:32:55.90 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 01:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 03:56 AM

Hi Gringo,

Thank you for your reply.

The situation has moved on somewhat since my original post. I have restored the laptop to a previous restore point that I believed to be prior to the malware infection, I then ran McAfee full scan again and it found Generic dx trojan, it has appeared to deal with this correctly and I have rebooted the laptop and just run another full McAfee scan which has come back clean. However, I am keen to go through any steps necessary to make sure that this really is completely removed and there are no remnants left on the machine.

I will run the security check and ComboFix now and post the results ASAP.

Kind regards

Dawn

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 04:00 AM

no problem

I may not respond untill later today


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 04:57 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
JavaFX 2.1.1
Java™ 6 Update 32
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

ComboFix 12-08-09.01 - Craig 11/08/2012 10:28:50.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1344 [GMT 1:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Dell
c:\programdata\Dell\Dell Stage\plugins\{6dedbe25-1baa-49d5-a314-3524143af6f7}.umj
c:\programdata\Dell\DellDock\BaseCategories.xml
c:\programdata\Dell\DellDock\BaseDesktopExclusions.xml
c:\programdata\Dell\DellDock\BaseSettings.xml
c:\programdata\Dell\DellDock\BRZ\BaseCategories.xml
c:\programdata\Dell\DellDock\BRZ\BaseSettings.xml
c:\programdata\Dell\DellDock\BRZ\Default.lang.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\BRZ\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\BRZ\uninstaller.xml
c:\programdata\Dell\DellDock\CHI\BaseCategories.xml
c:\programdata\Dell\DellDock\CHI\BaseSettings.xml
c:\programdata\Dell\DellDock\CHI\Default.lang.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\CHI\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\CHI\uninstaller.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\BT NetProtect Plus.lnk.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\Dell Support Center.lnk.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\Express Rip.lnk.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\iTunes.lnk.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\QuickTime Player.lnk.xml
c:\programdata\Dell\DellDock\ClearedDesktopShortcuts\Safari.lnk.xml
c:\programdata\Dell\DellDock\DAN\BaseCategories.xml
c:\programdata\Dell\DellDock\DAN\BaseSettings.xml
c:\programdata\Dell\DellDock\DAN\Default.lang.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\DAN\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\DAN\uninstaller.xml
c:\programdata\Dell\DellDock\Default.lang.xml
c:\programdata\Dell\DellDock\DUT\BaseCategories.xml
c:\programdata\Dell\DellDock\DUT\BaseSettings.xml
c:\programdata\Dell\DellDock\DUT\Default.lang.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-bestofweb.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-trend16.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\DUT\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\DUT\uninstaller.xml
c:\programdata\Dell\DellDock\error_log.txt
c:\programdata\Dell\DellDock\FRN\BaseCategories.xml
c:\programdata\Dell\DellDock\FRN\BaseSettings.xml
c:\programdata\Dell\DellDock\FRN\Default.lang.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-bestofweb.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-trend16.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\FRN\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\FRN\uninstaller.xml
c:\programdata\Dell\DellDock\GER\BaseCategories.xml
c:\programdata\Dell\DellDock\GER\BaseSettings.xml
c:\programdata\Dell\DellDock\GER\Default.lang.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-bestofweb.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-trend16.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\GER\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\GER\uninstaller.xml
c:\programdata\Dell\DellDock\images\aol_icon.jpg
c:\programdata\Dell\DellDock\images\ATT_32x32.JPG
c:\programdata\Dell\DellDock\images\Cozi.png
c:\programdata\Dell\DellDock\images\datasafe_32x32.jpg
c:\programdata\Dell\DellDock\images\DellSupport_32x32.jpg
c:\programdata\Dell\DellDock\images\DellSupportCenter_icon.jpg
c:\programdata\Dell\DellDock\images\dra.png
c:\programdata\Dell\DellDock\images\earthlink_icon.png
c:\programdata\Dell\DellDock\images\ebay_32x32.png
c:\programdata\Dell\DellDock\images\GDS_32x32.png
c:\programdata\Dell\DellDock\images\globe-32x32.png
c:\programdata\Dell\DellDock\images\McAfee_32x32.JPG
c:\programdata\Dell\DellDock\images\mycolors.png
c:\programdata\Dell\DellDock\images\netzero_icon.png
c:\programdata\Dell\DellDock\images\norton_32x32.PNG
c:\programdata\Dell\DellDock\images\pccilin_32x32.png
c:\programdata\Dell\DellDock\images\peoplepc.PNG
c:\programdata\Dell\DellDock\images\syncables_32x32.jpg
c:\programdata\Dell\DellDock\images\THX_32x32.jpg
c:\programdata\Dell\DellDock\images\windows_logo.png
c:\programdata\Dell\DellDock\images\wt.PNG
c:\programdata\Dell\DellDock\images\yp_32x32.JPG
c:\programdata\Dell\DellDock\ITN\BaseCategories.xml
c:\programdata\Dell\DellDock\ITN\BaseSettings.xml
c:\programdata\Dell\DellDock\ITN\Default.lang.XML
c:\programdata\Dell\DellDock\ITN\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\ITN\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\ITN\uninstaller.xml
c:\programdata\Dell\DellDock\JPN\BaseCategories.xml
c:\programdata\Dell\DellDock\JPN\BaseSettings.xml
c:\programdata\Dell\DellDock\JPN\Default.lang.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-aol .xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-bestofweb.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-trend16.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\JPN\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\JPN\uninstaller.xml
c:\programdata\Dell\DellDock\KOR\BaseCategories.xml
c:\programdata\Dell\DellDock\KOR\BaseSettings.xml
c:\programdata\Dell\DellDock\KOR\Default.lang.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\KOR\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\KOR\uninstaller.xml
c:\programdata\Dell\DellDock\langmap.ini
c:\programdata\Dell\DellDock\NOR\BaseCategories.xml
c:\programdata\Dell\DellDock\NOR\BaseSettings.xml
c:\programdata\Dell\DellDock\NOR\Default.lang.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\NOR\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\NOR\uninstaller.xml
c:\programdata\Dell\DellDock\Shortcuts\cozi.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-livemgr.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-skype.xml
c:\programdata\Dell\DellDock\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\Shortcuts\games-ddsgames.xml
c:\programdata\Dell\DellDock\Shortcuts\games-wtgames.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-ddshelp.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-olsupport.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-syncables.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-acm.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-Dellmobilemanager.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-peoplepc.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-remoteaccess.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\Shortcuts\internet-yp.xml
c:\programdata\Dell\DellDock\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\Shortcuts\music-ddsmusic.xml
c:\programdata\Dell\DellDock\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\Shortcuts\music-sbaudigy.xml
c:\programdata\Dell\DellDock\Shortcuts\music-thx.xml
c:\programdata\Dell\DellDock\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\Shortcuts\music-zingspot.xml
c:\programdata\Dell\DellDock\Shortcuts\office-cozical.xml
c:\programdata\Dell\DellDock\Shortcuts\office-ddsoffice.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msOO.xml
c:\programdata\Dell\DellDock\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-adobephotoshop8.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\Shortcuts\security-datalocal.xml
c:\programdata\Dell\DellDock\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\Shortcuts\security-failsafe.xml
c:\programdata\Dell\DellDock\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-adobepremiere8.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-cinemanowxp.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-ddsmovies.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-widi.xml
c:\programdata\Dell\DellDock\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\SPA\BaseCategories.xml
c:\programdata\Dell\DellDock\SPA\BaseSettings.xml
c:\programdata\Dell\DellDock\SPA\Default.lang.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-dellsportcenter.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-bestofweb.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-trend16.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\SPA\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\SPA\uninstaller.xml
c:\programdata\Dell\DellDock\startup_log.txt
c:\programdata\Dell\DellDock\SWE\BaseCategories.xml
c:\programdata\Dell\DellDock\SWE\BaseSettings.xml
c:\programdata\Dell\DellDock\SWE\Default.lang.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\SWE\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\SWE\uninstaller.xml
c:\programdata\Dell\DellDock\uninstaller.exe
c:\programdata\Dell\DellDock\uninstaller.xml
c:\programdata\Dell\DellDock\ZHO\BaseCategories.xml
c:\programdata\Dell\DellDock\ZHO\BaseSettings.xml
c:\programdata\Dell\DellDock\ZHO\Default.lang.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\bestofweb.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\emailchat-outlookmail.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\emailchat-sightspeed.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\emailchat-winmail.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-datasafepctransfer.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-DellCustomize.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-dellsupportcenter.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-hybrid.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-mediareduc.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-ownermanual.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-pctuneup1.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-systemvideo.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-uninstaller.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-vistahelp.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\helpsupport-vistapctransfer.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-aol.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-betterto.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-boxnet.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-bt.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-DellMobileBroadband.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-DellNetworkAssistant.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-earthlink.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-ericssonmgr.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-internetexplorer.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-livewriter.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-netzero.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-tiscali.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internet-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\internetexplorer.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\music-adobesoundbooth.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\music-idt32.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\music-idt64.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\music-vistamediaplayer.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\office-msexcel.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\office-mspowerpoint.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\office-msword.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\office-worksspreadsheet.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\office-worksword.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\photos-adobephotoshop.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\photos-livephoto.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\photos-vistaphotogallery.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\photos-webcamm08.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\photos-webcamm09.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\recyclebin.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-boxnet.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-datasafe.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-facialrecognition.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-fingerprint.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-fingerprintm08.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-lojack.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-mcafee.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-norton2008.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-nortonsave.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-trendm.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-trendmicro.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\security-vistaparentalcontrol.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-adobepremiere.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-roxio10.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-sightspeed.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-vistamediaplayer.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-vistamoviemaker.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-webcamm08.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-webcamm09.xml
c:\programdata\Dell\DellDock\ZHO\Shortcuts\videos-windowsmediacenter.xml
c:\programdata\Dell\DellDock\ZHO\uninstaller.xml
c:\programdata\Dell\QuickSet\QSEBLSHARE
c:\programdata\lhbwooszwqnvbim
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\Craig\AppData\Roaming\Dell
c:\users\Craig\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\chassis.txt
c:\users\Craig\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\messagesFeed.xml
c:\users\Craig\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\status.txt
c:\users\Craig\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\tile_event.xml
c:\users\Craig\AppData\Roaming\Dell\Dell Stage\{6dedbe25-1baa-49d5-a314-3524143af6f7}\tile_hover_images.txt
c:\users\Craig\AppData\Roaming\Tyir
c:\users\Craig\AppData\Roaming\Tyir\uvmer.ipd
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 09:39 . 2012-08-11 09:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 09:05 . 2012-08-11 09:05 -------- d-----w- c:\program files\CCleaner
2012-08-10 21:13 . 2012-08-10 21:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-10 21:05 . 2012-08-10 21:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-10 20:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-10 20:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-10 20:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{604E5609-3486-4C27-94A9-770BA9C76184}\mpengine.dll
2012-08-10 16:05 . 2012-08-10 20:38 -------- d-----w- c:\programdata\HitmanPro
2012-08-10 15:34 . 2012-08-10 15:34 -------- d-----w- c:\program files (x86)\Oracle
2012-08-10 14:26 . 2012-08-10 14:26 -------- d-----w- c:\users\Craig\AppData\Roaming\Simply Super Software
2012-08-10 14:26 . 2012-08-10 20:38 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-08-10 14:26 . 2012-08-10 14:26 -------- d-----w- c:\programdata\Simply Super Software
2012-08-10 13:54 . 2012-08-11 09:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-10 13:54 . 2012-08-10 21:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-10 12:19 . 2012-08-10 20:38 -------- d-----w- c:\programdata\kpbpbvqkgdkauxe
2012-08-09 21:44 . 2012-08-10 13:33 -------- d-----w- c:\users\Craig\AppData\Roaming\Hon
2012-08-09 21:43 . 2012-08-10 13:33 -------- d-----w- c:\users\Craig\AppData\Roaming\Uwryna
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 18:30 . 2012-04-09 18:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 18:30 . 2011-09-26 18:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 22:13 . 2010-04-14 08:37 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 21:06 . 2012-05-02 12:32 772544 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 21:06 . 2010-05-03 08:32 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-10 22:17 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 21:40 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:40 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:40 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:39 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:40 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:40 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:39 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 12:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 12:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 12:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 12:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 12:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 12:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 12:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 12:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 12:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-10 22:12 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-10 22:12 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-10 22:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-10 22:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-10 22:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-10 22:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-10 22:12 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-10 22:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-10 22:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-10 22:12 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-10 22:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-10 22:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-10 22:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-10 22:12 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-10 22:12 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-10 22:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-10 22:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-10 22:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-10 22:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-10 21:39 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:39 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 21:39 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 21:39 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:39 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 11:25 . 2011-11-18 22:17 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-07 39408]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-27 1193176]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2012-04-12 559616]
.
c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:30]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 17:29]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 17:29]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bt.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-08-11 10:52:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 09:52
.
Pre-Run: 236,223,733,760 bytes free
Post-Run: 235,542,962,176 bytes free
.
- - End Of File - - AB59AA416683AB1AA612D8C6A6866015

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 05:15 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 06:18 AM

11:54:21.0998 5412 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:54:22.0030 5412 ============================================================
11:54:22.0030 5412 Current date / time: 2012/08/11 11:54:22.0014
11:54:22.0030 5412 SystemInfo:
11:54:22.0030 5412
11:54:22.0030 5412 OS Version: 6.1.7601 ServicePack: 1.0
11:54:22.0030 5412 Product type: Workstation
11:54:22.0030 5412 ComputerName: DELL
11:54:22.0030 5412 UserName: Craig
11:54:22.0030 5412 Windows directory: C:\Windows
11:54:22.0030 5412 System windows directory: C:\Windows
11:54:22.0030 5412 Running under WOW64
11:54:22.0030 5412 Processor architecture: Intel x64
11:54:22.0030 5412 Number of processors: 2
11:54:22.0030 5412 Page size: 0x1000
11:54:22.0030 5412 Boot type: Normal boot
11:54:22.0030 5412 ============================================================
11:54:23.0402 5412 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:54:23.0402 5412 ============================================================
11:54:23.0402 5412 \Device\Harddisk0\DR0:
11:54:23.0402 5412 MBR partitions:
11:54:23.0402 5412 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
11:54:23.0402 5412 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x236CE2B0
11:54:23.0402 5412 ============================================================
11:54:23.0434 5412 C: <-> \Device\Harddisk0\DR0\Partition1
11:54:23.0434 5412 ============================================================
11:54:23.0434 5412 Initialize success
11:54:23.0434 5412 ============================================================
11:54:32.0622 5432 ============================================================
11:54:32.0622 5432 Scan started
11:54:32.0622 5432 Mode: Manual;
11:54:32.0622 5432 ============================================================
11:54:32.0981 5432 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:54:32.0996 5432 1394ohci - ok
11:54:33.0074 5432 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:54:33.0074 5432 ACPI - ok
11:54:33.0121 5432 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:54:33.0121 5432 AcpiPmi - ok
11:54:33.0262 5432 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:54:33.0262 5432 AdobeARMservice - ok
11:54:33.0449 5432 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:54:33.0480 5432 AdobeFlashPlayerUpdateSvc - ok
11:54:33.0542 5432 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:54:33.0574 5432 adp94xx - ok
11:54:33.0620 5432 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:54:33.0620 5432 adpahci - ok
11:54:33.0636 5432 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:54:33.0652 5432 adpu320 - ok
11:54:33.0698 5432 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:54:33.0698 5432 AeLookupSvc - ok
11:54:33.0792 5432 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:54:33.0792 5432 AFD - ok
11:54:33.0823 5432 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:54:33.0839 5432 agp440 - ok
11:54:33.0870 5432 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:54:33.0870 5432 ALG - ok
11:54:33.0901 5432 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:54:33.0901 5432 aliide - ok
11:54:33.0918 5432 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:54:33.0918 5432 amdide - ok
11:54:33.0980 5432 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:54:33.0980 5432 AmdK8 - ok
11:54:33.0996 5432 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:54:33.0996 5432 AmdPPM - ok
11:54:34.0043 5432 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:54:34.0058 5432 amdsata - ok
11:54:34.0089 5432 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:54:34.0089 5432 amdsbs - ok
11:54:34.0121 5432 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:54:34.0121 5432 amdxata - ok
11:54:34.0167 5432 ApfiltrService (1412e9a88fe1f7e35ce6058a2ef03664) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:54:34.0167 5432 ApfiltrService - ok
11:54:34.0230 5432 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:54:34.0245 5432 AppID - ok
11:54:34.0277 5432 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:54:34.0277 5432 AppIDSvc - ok
11:54:34.0339 5432 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:54:34.0355 5432 Appinfo - ok
11:54:34.0495 5432 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:54:34.0495 5432 Apple Mobile Device - ok
11:54:34.0557 5432 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:54:34.0573 5432 arc - ok
11:54:34.0589 5432 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:54:34.0589 5432 arcsas - ok
11:54:34.0620 5432 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:54:34.0620 5432 AsyncMac - ok
11:54:34.0667 5432 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:54:34.0667 5432 atapi - ok
11:54:34.0760 5432 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:54:34.0776 5432 AudioEndpointBuilder - ok
11:54:34.0776 5432 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:54:34.0791 5432 AudioSrv - ok
11:54:34.0854 5432 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:54:34.0854 5432 AxInstSV - ok
11:54:34.0916 5432 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:54:34.0948 5432 b06bdrv - ok
11:54:35.0026 5432 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:54:35.0042 5432 b57nd60a - ok
11:54:35.0073 5432 BCM42RLY (e001dd475a7c27ebe5a0db45c11bad71) C:\Windows\system32\drivers\BCM42RLY.sys
11:54:35.0073 5432 BCM42RLY - ok
11:54:35.0292 5432 BCM43XX (f4cd5f52850bf2c978de178f256ba372) C:\Windows\system32\DRIVERS\bcmwl664.sys
11:54:35.0307 5432 BCM43XX - ok
11:54:35.0479 5432 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:54:35.0479 5432 BDESVC - ok
11:54:35.0557 5432 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:54:35.0572 5432 Beep - ok
11:54:35.0666 5432 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:54:35.0682 5432 BFE - ok
11:54:35.0791 5432 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:54:35.0806 5432 BITS - ok
11:54:35.0900 5432 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:54:35.0900 5432 blbdrive - ok
11:54:36.0010 5432 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:54:36.0010 5432 Bonjour Service - ok
11:54:36.0088 5432 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:54:36.0088 5432 bowser - ok
11:54:36.0104 5432 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:54:36.0119 5432 BrFiltLo - ok
11:54:36.0135 5432 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:54:36.0135 5432 BrFiltUp - ok
11:54:36.0166 5432 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:54:36.0182 5432 BridgeMP - ok
11:54:36.0244 5432 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:54:36.0260 5432 Browser - ok
11:54:36.0291 5432 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:54:36.0307 5432 Brserid - ok
11:54:36.0338 5432 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:54:36.0353 5432 BrSerWdm - ok
11:54:36.0369 5432 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:54:36.0385 5432 BrUsbMdm - ok
11:54:36.0385 5432 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:54:36.0400 5432 BrUsbSer - ok
11:54:36.0416 5432 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:54:36.0416 5432 BTHMODEM - ok
11:54:36.0494 5432 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:54:36.0509 5432 bthserv - ok
11:54:36.0509 5432 catchme - ok
11:54:36.0541 5432 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:54:36.0556 5432 cdfs - ok
11:54:36.0619 5432 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:54:36.0650 5432 cdrom - ok
11:54:36.0728 5432 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:54:36.0728 5432 CertPropSvc - ok
11:54:36.0806 5432 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys
11:54:36.0806 5432 cfwids - ok
11:54:36.0821 5432 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:54:36.0821 5432 circlass - ok
11:54:36.0868 5432 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:54:36.0884 5432 CLFS - ok
11:54:36.0962 5432 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:54:36.0977 5432 clr_optimization_v2.0.50727_32 - ok
11:54:37.0071 5432 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:54:37.0087 5432 clr_optimization_v2.0.50727_64 - ok
11:54:37.0211 5432 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:54:37.0305 5432 clr_optimization_v4.0.30319_32 - ok
11:54:37.0383 5432 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:54:37.0399 5432 clr_optimization_v4.0.30319_64 - ok
11:54:37.0414 5432 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:54:37.0430 5432 CmBatt - ok
11:54:37.0445 5432 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:54:37.0461 5432 cmdide - ok
11:54:37.0523 5432 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:54:37.0523 5432 CNG - ok
11:54:37.0586 5432 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:54:37.0586 5432 Compbatt - ok
11:54:37.0633 5432 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:54:37.0648 5432 CompositeBus - ok
11:54:37.0679 5432 COMSysApp - ok
11:54:37.0726 5432 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:54:37.0742 5432 crcdisk - ok
11:54:37.0789 5432 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:54:37.0804 5432 CryptSvc - ok
11:54:37.0867 5432 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:54:37.0882 5432 DcomLaunch - ok
11:54:37.0960 5432 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:54:37.0960 5432 defragsvc - ok
11:54:38.0007 5432 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:54:38.0007 5432 DfsC - ok
11:54:38.0069 5432 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:54:38.0085 5432 Dhcp - ok
11:54:38.0132 5432 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:54:38.0132 5432 discache - ok
11:54:38.0194 5432 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:54:38.0194 5432 Disk - ok
11:54:38.0241 5432 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:54:38.0272 5432 Dnscache - ok
11:54:38.0428 5432 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
11:54:38.0428 5432 DockLoginService - ok
11:54:38.0506 5432 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:54:38.0537 5432 dot3svc - ok
11:54:38.0569 5432 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:54:38.0584 5432 DPS - ok
11:54:38.0615 5432 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:54:38.0631 5432 drmkaud - ok
11:54:38.0725 5432 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:54:38.0740 5432 DXGKrnl - ok
11:54:38.0803 5432 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:54:38.0818 5432 EapHost - ok
11:54:39.0052 5432 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:54:39.0115 5432 ebdrv - ok
11:54:39.0255 5432 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:54:39.0255 5432 EFS - ok
11:54:39.0364 5432 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:54:39.0380 5432 ehRecvr - ok
11:54:39.0442 5432 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:54:39.0442 5432 ehSched - ok
11:54:39.0551 5432 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:54:39.0598 5432 elxstor - ok
11:54:39.0645 5432 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:54:39.0661 5432 ErrDev - ok
11:54:39.0739 5432 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:54:39.0785 5432 EventSystem - ok
11:54:39.0832 5432 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:54:39.0863 5432 exfat - ok
11:54:39.0910 5432 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:54:39.0910 5432 fastfat - ok
11:54:40.0004 5432 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:54:40.0019 5432 Fax - ok
11:54:40.0066 5432 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:54:40.0066 5432 fdc - ok
11:54:40.0097 5432 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:54:40.0097 5432 fdPHost - ok
11:54:40.0097 5432 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:54:40.0113 5432 FDResPub - ok
11:54:40.0129 5432 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:54:40.0129 5432 FileInfo - ok
11:54:40.0144 5432 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:54:40.0144 5432 Filetrace - ok
11:54:40.0175 5432 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:54:40.0191 5432 flpydisk - ok
11:54:40.0253 5432 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:54:40.0253 5432 FltMgr - ok
11:54:40.0394 5432 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:54:40.0441 5432 FontCache - ok
11:54:40.0597 5432 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:54:40.0612 5432 FontCache3.0.0.0 - ok
11:54:40.0659 5432 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:54:40.0659 5432 FsDepends - ok
11:54:40.0706 5432 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:54:40.0706 5432 Fs_Rec - ok
11:54:40.0768 5432 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:54:40.0784 5432 fvevol - ok
11:54:40.0799 5432 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:54:40.0799 5432 gagp30kx - ok
11:54:40.0909 5432 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
11:54:40.0909 5432 GameConsoleService - ok
11:54:40.0955 5432 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:54:40.0955 5432 GEARAspiWDM - ok
11:54:41.0049 5432 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:54:41.0080 5432 gpsvc - ok
11:54:41.0205 5432 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:54:41.0205 5432 gupdate - ok
11:54:41.0252 5432 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:54:41.0252 5432 gupdatem - ok
11:54:41.0299 5432 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:54:41.0314 5432 gusvc - ok
11:54:41.0361 5432 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:54:41.0361 5432 hcw85cir - ok
11:54:41.0408 5432 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:54:41.0408 5432 HDAudBus - ok
11:54:41.0423 5432 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:54:41.0439 5432 HidBatt - ok
11:54:41.0455 5432 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:54:41.0455 5432 HidBth - ok
11:54:41.0486 5432 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:54:41.0501 5432 HidIr - ok
11:54:41.0533 5432 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:54:41.0533 5432 hidserv - ok
11:54:41.0579 5432 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:54:41.0579 5432 HidUsb - ok
11:54:41.0611 5432 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:54:41.0626 5432 hkmsvc - ok
11:54:41.0673 5432 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:54:41.0689 5432 HomeGroupListener - ok
11:54:41.0735 5432 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:54:41.0735 5432 HomeGroupProvider - ok
11:54:41.0798 5432 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:54:41.0798 5432 HpSAMD - ok
11:54:41.0891 5432 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:54:41.0907 5432 HTTP - ok
11:54:41.0938 5432 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:54:41.0938 5432 hwpolicy - ok
11:54:41.0985 5432 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:54:41.0985 5432 i8042prt - ok
11:54:42.0110 5432 IAANTMON (7548066df68a8a1a56b043359f915f37) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
11:54:42.0110 5432 IAANTMON - ok
11:54:42.0172 5432 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
11:54:42.0172 5432 iaStor - ok
11:54:42.0235 5432 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:54:42.0281 5432 iaStorV - ok
11:54:42.0453 5432 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:54:42.0500 5432 idsvc - ok
11:54:42.0983 5432 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:54:43.0171 5432 igfx - ok
11:54:43.0342 5432 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:54:43.0342 5432 iirsp - ok
11:54:43.0467 5432 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:54:43.0483 5432 IKEEXT - ok
11:54:43.0514 5432 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:54:43.0514 5432 intelide - ok
11:54:43.0545 5432 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:54:43.0545 5432 intelppm - ok
11:54:43.0592 5432 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:54:43.0592 5432 IPBusEnum - ok
11:54:43.0639 5432 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:54:43.0639 5432 IpFilterDriver - ok
11:54:43.0717 5432 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:54:43.0732 5432 iphlpsvc - ok
11:54:43.0763 5432 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:54:43.0763 5432 IPMIDRV - ok
11:54:43.0779 5432 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:54:43.0795 5432 IPNAT - ok
11:54:43.0982 5432 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
11:54:43.0982 5432 iPod Service - ok
11:54:44.0013 5432 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:54:44.0013 5432 IRENUM - ok
11:54:44.0044 5432 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:54:44.0060 5432 isapnp - ok
11:54:44.0107 5432 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:54:44.0122 5432 iScsiPrt - ok
11:54:44.0169 5432 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys
11:54:44.0169 5432 ivusb - ok
11:54:44.0200 5432 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:54:44.0200 5432 kbdclass - ok
11:54:44.0247 5432 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:54:44.0263 5432 kbdhid - ok
11:54:44.0294 5432 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:54:44.0294 5432 KeyIso - ok
11:54:44.0341 5432 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:54:44.0341 5432 KSecDD - ok
11:54:44.0356 5432 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:54:44.0356 5432 KSecPkg - ok
11:54:44.0403 5432 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:54:44.0419 5432 ksthunk - ok
11:54:44.0481 5432 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:54:44.0481 5432 KtmRm - ok
11:54:44.0528 5432 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:54:44.0543 5432 LanmanServer - ok
11:54:44.0575 5432 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:54:44.0590 5432 LanmanWorkstation - ok
11:54:44.0621 5432 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:54:44.0637 5432 lltdio - ok
11:54:44.0684 5432 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:54:44.0715 5432 lltdsvc - ok
11:54:44.0746 5432 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:54:44.0809 5432 lmhosts - ok
11:54:44.0887 5432 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:54:44.0902 5432 LSI_FC - ok
11:54:44.0933 5432 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:54:44.0933 5432 LSI_SAS - ok
11:54:44.0965 5432 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:54:44.0965 5432 LSI_SAS2 - ok
11:54:45.0199 5432 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:54:45.0214 5432 LSI_SCSI - ok
11:54:45.0292 5432 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:54:45.0292 5432 luafv - ok
11:54:45.0620 5432 McAfee SiteAdvisor Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:54:45.0620 5432 McAfee SiteAdvisor Service - ok
11:54:45.0963 5432 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
11:54:45.0979 5432 McComponentHostService - ok
11:54:46.0010 5432 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:54:46.0010 5432 McMPFSvc - ok
11:54:46.0025 5432 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:54:46.0025 5432 mcmscsvc - ok
11:54:46.0041 5432 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:54:46.0041 5432 McNaiAnn - ok
11:54:46.0057 5432 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:54:46.0072 5432 McNASvc - ok
11:54:46.0150 5432 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe
11:54:46.0213 5432 McODS - ok
11:54:46.0228 5432 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
11:54:46.0228 5432 McProxy - ok
11:54:46.0447 5432 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
11:54:46.0462 5432 McShield - ok
11:54:46.0790 5432 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:54:46.0805 5432 Mcx2Svc - ok
11:54:46.0915 5432 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:54:46.0915 5432 megasas - ok
11:54:46.0946 5432 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:54:46.0961 5432 MegaSR - ok
11:54:47.0024 5432 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys
11:54:47.0024 5432 mfeapfk - ok
11:54:47.0117 5432 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys
11:54:47.0133 5432 mfeavfk - ok
11:54:47.0180 5432 mfeavfk01 - ok
11:54:47.0227 5432 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
11:54:47.0227 5432 mfefire - ok
11:54:47.0336 5432 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys
11:54:47.0336 5432 mfefirek - ok
11:54:47.0414 5432 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys
11:54:47.0414 5432 mfehidk - ok
11:54:47.0445 5432 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys
11:54:47.0445 5432 mfenlfk - ok
11:54:47.0492 5432 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys
11:54:47.0492 5432 mferkdet - ok
11:54:47.0554 5432 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe
11:54:47.0554 5432 mfevtp - ok
11:54:47.0617 5432 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys
11:54:47.0632 5432 mfewfpk - ok
11:54:47.0679 5432 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:54:47.0695 5432 MMCSS - ok
11:54:47.0741 5432 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:54:47.0757 5432 Modem - ok
11:54:47.0773 5432 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:54:47.0773 5432 monitor - ok
11:54:47.0819 5432 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:54:47.0835 5432 mouclass - ok
11:54:47.0866 5432 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:54:47.0866 5432 mouhid - ok
11:54:47.0897 5432 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:54:47.0897 5432 mountmgr - ok
11:54:47.0944 5432 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:54:47.0975 5432 mpio - ok
11:54:48.0007 5432 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:54:48.0007 5432 mpsdrv - ok
11:54:48.0100 5432 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:54:48.0131 5432 MpsSvc - ok
11:54:48.0178 5432 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:54:48.0209 5432 MRxDAV - ok
11:54:48.0256 5432 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:54:48.0303 5432 mrxsmb - ok
11:54:48.0381 5432 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:54:48.0381 5432 mrxsmb10 - ok
11:54:48.0428 5432 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:54:48.0428 5432 mrxsmb20 - ok
11:54:48.0475 5432 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:54:48.0475 5432 msahci - ok
11:54:48.0568 5432 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:54:48.0599 5432 msdsm - ok
11:54:48.0662 5432 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:54:48.0709 5432 MSDTC - ok
11:54:48.0771 5432 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:54:48.0771 5432 Msfs - ok
11:54:48.0787 5432 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:54:48.0787 5432 mshidkmdf - ok
11:54:48.0833 5432 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:54:48.0833 5432 msisadrv - ok
11:54:48.0880 5432 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:54:48.0896 5432 MSiSCSI - ok
11:54:48.0911 5432 msiserver - ok
11:54:48.0943 5432 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:54:48.0943 5432 MSKSSRV - ok
11:54:48.0974 5432 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:54:48.0974 5432 MSPCLOCK - ok
11:54:48.0989 5432 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:54:48.0989 5432 MSPQM - ok
11:54:49.0052 5432 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:54:49.0052 5432 MsRPC - ok
11:54:49.0067 5432 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:54:49.0067 5432 mssmbios - ok
11:54:49.0083 5432 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:54:49.0083 5432 MSTEE - ok
11:54:49.0099 5432 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:54:49.0114 5432 MTConfig - ok
11:54:49.0145 5432 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:54:49.0145 5432 Mup - ok
11:54:49.0208 5432 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:54:49.0255 5432 napagent - ok
11:54:49.0348 5432 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:54:49.0395 5432 NativeWifiP - ok
11:54:49.0473 5432 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:54:49.0489 5432 NDIS - ok
11:54:49.0551 5432 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:54:49.0551 5432 NdisCap - ok
11:54:49.0613 5432 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:54:49.0613 5432 NdisTapi - ok
11:54:49.0660 5432 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:54:49.0660 5432 Ndisuio - ok
11:54:49.0738 5432 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:54:49.0738 5432 NdisWan - ok
11:54:49.0785 5432 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:54:49.0785 5432 NDProxy - ok
11:54:49.0816 5432 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:54:49.0816 5432 NetBIOS - ok
11:54:49.0879 5432 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:54:49.0879 5432 NetBT - ok
11:54:49.0910 5432 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:54:49.0925 5432 Netlogon - ok
11:54:49.0988 5432 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:54:50.0003 5432 Netman - ok
11:54:50.0050 5432 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:54:50.0066 5432 netprofm - ok
11:54:50.0253 5432 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:54:50.0253 5432 NetTcpPortSharing - ok
11:54:50.0331 5432 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:54:50.0331 5432 nfrd960 - ok
11:54:50.0409 5432 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:54:50.0409 5432 NlaSvc - ok
11:54:50.0440 5432 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:54:50.0440 5432 Npfs - ok
11:54:50.0471 5432 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:54:50.0487 5432 nsi - ok
11:54:50.0487 5432 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:54:50.0503 5432 nsiproxy - ok
11:54:50.0721 5432 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:54:50.0752 5432 Ntfs - ok
11:54:50.0939 5432 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:54:50.0955 5432 Null - ok
11:54:51.0017 5432 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:54:51.0033 5432 nvraid - ok
11:54:51.0049 5432 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:54:51.0080 5432 nvstor - ok
11:54:51.0127 5432 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:54:51.0158 5432 nv_agp - ok
11:54:51.0283 5432 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:54:51.0314 5432 odserv - ok
11:54:51.0345 5432 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:54:51.0345 5432 ohci1394 - ok
11:54:51.0392 5432 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:54:51.0407 5432 ose - ok
11:54:51.0470 5432 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:54:51.0485 5432 p2pimsvc - ok
11:54:51.0548 5432 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:54:51.0563 5432 p2psvc - ok
11:54:51.0610 5432 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:54:51.0610 5432 Parport - ok
11:54:51.0673 5432 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:54:51.0673 5432 partmgr - ok
11:54:51.0688 5432 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:54:51.0719 5432 PcaSvc - ok
11:54:51.0766 5432 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:54:51.0766 5432 pci - ok
11:54:51.0782 5432 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:54:51.0782 5432 pciide - ok
11:54:51.0813 5432 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:54:51.0829 5432 pcmcia - ok
11:54:51.0844 5432 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:54:51.0860 5432 pcw - ok
11:54:51.0922 5432 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:54:51.0953 5432 PEAUTH - ok
11:54:52.0063 5432 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:54:52.0125 5432 PerfHost - ok
11:54:52.0265 5432 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:54:52.0297 5432 pla - ok
11:54:52.0359 5432 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:54:52.0375 5432 PlugPlay - ok
11:54:52.0406 5432 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:54:52.0406 5432 PNRPAutoReg - ok
11:54:52.0453 5432 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:54:52.0453 5432 PNRPsvc - ok
11:54:52.0499 5432 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:54:52.0515 5432 PolicyAgent - ok
11:54:52.0562 5432 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:54:52.0562 5432 Power - ok
11:54:52.0671 5432 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:54:52.0687 5432 PptpMiniport - ok
11:54:52.0733 5432 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:54:52.0733 5432 Processor - ok
11:54:52.0796 5432 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:54:52.0796 5432 ProfSvc - ok
11:54:52.0843 5432 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:54:52.0843 5432 ProtectedStorage - ok
11:54:52.0921 5432 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:54:52.0936 5432 Psched - ok
11:54:52.0967 5432 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
11:54:52.0967 5432 PxHlpa64 - ok
11:54:53.0108 5432 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:54:53.0170 5432 ql2300 - ok
11:54:53.0482 5432 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:54:53.0529 5432 ql40xx - ok
11:54:53.0591 5432 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:54:53.0607 5432 QWAVE - ok
11:54:53.0654 5432 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:54:53.0654 5432 QWAVEdrv - ok
11:54:53.0716 5432 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:54:53.0732 5432 RasAcd - ok
11:54:53.0779 5432 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:54:53.0779 5432 RasAgileVpn - ok
11:54:53.0810 5432 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:54:53.0825 5432 RasAuto - ok
11:54:53.0903 5432 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:54:53.0935 5432 Rasl2tp - ok
11:54:53.0997 5432 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:54:54.0028 5432 RasMan - ok
11:54:54.0091 5432 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:54:54.0106 5432 RasPppoe - ok
11:54:54.0122 5432 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:54:54.0137 5432 RasSstp - ok
11:54:54.0215 5432 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:54:54.0262 5432 rdbss - ok
11:54:54.0293 5432 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:54:54.0293 5432 rdpbus - ok
11:54:54.0325 5432 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:54:54.0325 5432 RDPCDD - ok
11:54:54.0356 5432 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:54:54.0356 5432 RDPENCDD - ok
11:54:54.0387 5432 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:54:54.0387 5432 RDPREFMP - ok
11:54:54.0465 5432 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:54:54.0496 5432 RDPWD - ok
11:54:54.0559 5432 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:54:54.0574 5432 rdyboost - ok
11:54:54.0605 5432 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:54:54.0605 5432 RemoteAccess - ok
11:54:54.0652 5432 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:54:54.0683 5432 RemoteRegistry - ok
11:54:54.0730 5432 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:54:54.0730 5432 RpcEptMapper - ok
11:54:54.0777 5432 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:54:54.0793 5432 RpcLocator - ok
11:54:54.0871 5432 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:54:54.0871 5432 RpcSs - ok
11:54:54.0933 5432 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:54:54.0933 5432 rspndr - ok
11:54:55.0027 5432 RSUSBSTOR (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys
11:54:55.0027 5432 RSUSBSTOR - ok
11:54:55.0120 5432 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:54:55.0120 5432 SamSs - ok
11:54:55.0229 5432 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:54:55.0229 5432 sbp2port - ok
11:54:55.0666 5432 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
11:54:55.0682 5432 SBSDWSCService - ok
11:54:55.0760 5432 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:54:55.0791 5432 SCardSvr - ok
11:54:55.0885 5432 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:54:55.0900 5432 scfilter - ok
11:54:56.0056 5432 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:54:56.0103 5432 Schedule - ok
11:54:56.0150 5432 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:54:56.0150 5432 SCPolicySvc - ok
11:54:56.0243 5432 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:54:56.0290 5432 SDRSVC - ok
11:54:56.0446 5432 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
11:54:56.0446 5432 SeaPort - ok
11:54:56.0680 5432 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:54:56.0680 5432 secdrv - ok
11:54:56.0774 5432 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:54:56.0789 5432 seclogon - ok
11:54:56.0852 5432 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:54:56.0852 5432 SENS - ok
11:54:56.0883 5432 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:54:56.0883 5432 SensrSvc - ok
11:54:56.0977 5432 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:54:56.0977 5432 Serenum - ok
11:54:57.0023 5432 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:54:57.0070 5432 Serial - ok
11:54:57.0242 5432 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:54:57.0273 5432 sermouse - ok
11:54:57.0367 5432 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:54:57.0367 5432 SessionEnv - ok
11:54:57.0476 5432 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:54:57.0476 5432 sffdisk - ok
11:54:57.0538 5432 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:54:57.0554 5432 sffp_mmc - ok
11:54:57.0585 5432 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:54:57.0616 5432 sffp_sd - ok
11:54:57.0835 5432 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:54:57.0835 5432 sfloppy - ok
11:54:58.0209 5432 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
11:54:58.0240 5432 SftService - ok
11:54:58.0475 5432 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:54:58.0522 5432 SharedAccess - ok
11:54:58.0616 5432 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:54:58.0647 5432 ShellHWDetection - ok
11:54:58.0740 5432 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:54:58.0756 5432 SiSRaid2 - ok
11:54:58.0787 5432 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:54:58.0803 5432 SiSRaid4 - ok
11:54:58.0850 5432 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:54:58.0865 5432 Smb - ok
11:54:59.0037 5432 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:54:59.0037 5432 SNMPTRAP - ok
11:54:59.0130 5432 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:54:59.0146 5432 spldr - ok
11:54:59.0224 5432 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:54:59.0255 5432 Spooler - ok
11:54:59.0646 5432 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:54:59.0771 5432 sppsvc - ok
11:54:59.0989 5432 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:55:00.0005 5432 sppuinotify - ok
11:55:00.0192 5432 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:55:00.0208 5432 srv - ok
11:55:00.0302 5432 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:55:00.0302 5432 srv2 - ok
11:55:00.0380 5432 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:55:00.0396 5432 srvnet - ok
11:55:00.0474 5432 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:55:00.0505 5432 SSDPSRV - ok
11:55:00.0568 5432 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:55:00.0583 5432 SstpSvc - ok
11:55:00.0802 5432 STacSV (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
11:55:00.0817 5432 STacSV - ok
11:55:00.0848 5432 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:55:00.0864 5432 stexstor - ok
11:55:01.0036 5432 STHDA (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys
11:55:01.0098 5432 STHDA - ok
11:55:01.0316 5432 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:55:01.0379 5432 stisvc - ok
11:55:01.0426 5432 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:55:01.0426 5432 swenum - ok
11:55:01.0550 5432 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:55:01.0566 5432 swprv - ok
11:55:01.0956 5432 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:55:02.0003 5432 SysMain - ok
11:55:02.0174 5432 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:55:02.0174 5432 TabletInputService - ok
11:55:02.0268 5432 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:55:02.0299 5432 TapiSrv - ok
11:55:02.0346 5432 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:55:02.0362 5432 TBS - ok
11:55:02.0611 5432 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:55:02.0658 5432 Tcpip - ok
11:55:03.0142 5432 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:55:03.0157 5432 TCPIP6 - ok
11:55:03.0422 5432 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:55:03.0438 5432 tcpipreg - ok
11:55:03.0485 5432 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:55:03.0500 5432 TDPIPE - ok
11:55:03.0688 5432 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:55:03.0688 5432 TDTCP - ok
11:55:03.0766 5432 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:55:03.0766 5432 tdx - ok
11:55:03.0828 5432 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:55:03.0828 5432 TermDD - ok
11:55:03.0968 5432 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:55:03.0984 5432 TermService - ok
11:55:04.0046 5432 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:55:04.0046 5432 Themes - ok
11:55:04.0156 5432 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:55:04.0156 5432 THREADORDER - ok
11:55:04.0405 5432 TomTomHOMEService (fbd16717fd68b206c4ce3bb3c9ee5cb3) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
11:55:04.0405 5432 TomTomHOMEService - ok
11:55:04.0499 5432 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:55:04.0499 5432 TrkWks - ok
11:55:04.0592 5432 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:55:04.0624 5432 TrustedInstaller - ok
11:55:04.0670 5432 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:55:04.0670 5432 tssecsrv - ok
11:55:04.0795 5432 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:55:04.0795 5432 TsUsbFlt - ok
11:55:04.0873 5432 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:55:04.0873 5432 tunnel - ok
11:55:04.0951 5432 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:55:04.0951 5432 uagp35 - ok
11:55:05.0076 5432 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:55:05.0123 5432 udfs - ok
11:55:05.0185 5432 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:55:05.0185 5432 UI0Detect - ok
11:55:05.0263 5432 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:55:05.0263 5432 uliagpkx - ok
11:55:05.0357 5432 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:55:05.0372 5432 umbus - ok
11:55:05.0450 5432 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:55:05.0450 5432 UmPass - ok
11:55:05.0528 5432 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:55:05.0528 5432 upnphost - ok
11:55:05.0591 5432 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:55:05.0591 5432 USBAAPL64 - ok
11:55:05.0638 5432 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
11:55:05.0653 5432 usbccgp - ok
11:55:05.0700 5432 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:55:05.0700 5432 usbcir - ok
11:55:05.0747 5432 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:55:05.0747 5432 usbehci - ok
11:55:05.0794 5432 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:55:05.0840 5432 usbhub - ok
11:55:05.0872 5432 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:55:05.0872 5432 usbohci - ok
11:55:05.0918 5432 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:55:05.0918 5432 usbprint - ok
11:55:05.0950 5432 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:55:05.0965 5432 USBSTOR - ok
11:55:05.0996 5432 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:55:06.0012 5432 usbuhci - ok
11:55:06.0043 5432 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:55:06.0059 5432 UxSms - ok
11:55:06.0090 5432 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:55:06.0090 5432 VaultSvc - ok
11:55:06.0215 5432 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:55:06.0230 5432 vdrvroot - ok
11:55:06.0308 5432 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:55:06.0340 5432 vds - ok
11:55:06.0386 5432 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:55:06.0402 5432 vga - ok
11:55:06.0433 5432 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:55:06.0464 5432 VgaSave - ok
11:55:06.0527 5432 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:55:06.0542 5432 vhdmp - ok
11:55:06.0589 5432 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:55:06.0589 5432 viaide - ok
11:55:06.0652 5432 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:55:06.0652 5432 volmgr - ok
11:55:06.0714 5432 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:55:06.0714 5432 volmgrx - ok
11:55:06.0776 5432 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:55:06.0776 5432 volsnap - ok
11:55:06.0823 5432 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:55:06.0870 5432 vsmraid - ok
11:55:07.0073 5432 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:55:07.0104 5432 VSS - ok
11:55:07.0463 5432 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:55:07.0478 5432 vwifibus - ok
11:55:07.0525 5432 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:55:07.0541 5432 vwififlt - ok
11:55:07.0588 5432 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
11:55:07.0588 5432 vwifimp - ok
11:55:07.0681 5432 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:55:07.0728 5432 W32Time - ok
11:55:07.0822 5432 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:55:07.0822 5432 WacomPen - ok
11:55:07.0946 5432 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:55:07.0946 5432 WANARP - ok
11:55:08.0024 5432 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:55:08.0040 5432 Wanarpv6 - ok
11:55:08.0305 5432 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:55:08.0399 5432 WatAdminSvc - ok
11:55:08.0555 5432 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:55:08.0648 5432 wbengine - ok
11:55:08.0820 5432 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:55:08.0836 5432 WbioSrvc - ok
11:55:08.0929 5432 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:55:08.0945 5432 wcncsvc - ok
11:55:08.0976 5432 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:55:08.0976 5432 WcsPlugInService - ok
11:55:09.0070 5432 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:55:09.0085 5432 Wd - ok
11:55:09.0132 5432 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:55:09.0194 5432 Wdf01000 - ok
11:55:09.0241 5432 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:55:09.0241 5432 WdiServiceHost - ok
11:55:09.0241 5432 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:55:09.0241 5432 WdiSystemHost - ok
11:55:09.0304 5432 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:55:09.0335 5432 WebClient - ok
11:55:09.0413 5432 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:55:09.0491 5432 Wecsvc - ok
11:55:09.0522 5432 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:55:09.0522 5432 wercplsupport - ok
11:55:09.0553 5432 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:55:09.0553 5432 WerSvc - ok
11:55:09.0709 5432 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:55:09.0709 5432 WfpLwf - ok
11:55:09.0803 5432 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
11:55:09.0818 5432 WimFltr - ok
11:55:09.0865 5432 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:55:09.0865 5432 WIMMount - ok
11:55:09.0959 5432 WinDefend - ok
11:55:09.0974 5432 WinHttpAutoProxySvc - ok
11:55:10.0115 5432 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:55:10.0193 5432 Winmgmt - ok
11:55:10.0411 5432 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:55:10.0458 5432 WinRM - ok
11:55:10.0926 5432 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:55:10.0942 5432 Wlansvc - ok
11:55:11.0129 5432 wltrysvc (13b0a570e1ae451c92da550085d72cf3) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
11:55:11.0129 5432 wltrysvc - ok
11:55:11.0332 5432 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:55:11.0332 5432 WmiAcpi - ok
11:55:11.0784 5432 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:55:11.0784 5432 wmiApSrv - ok
11:55:11.0846 5432 WMPNetworkSvc - ok
11:55:11.0924 5432 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:55:11.0924 5432 WPCSvc - ok
11:55:11.0971 5432 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:55:12.0002 5432 WPDBusEnum - ok
11:55:12.0034 5432 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:55:12.0034 5432 ws2ifsl - ok
11:55:12.0049 5432 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:55:12.0065 5432 wscsvc - ok
11:55:12.0065 5432 WSearch - ok
11:55:12.0330 5432 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:55:12.0408 5432 wuauserv - ok
11:55:12.0642 5432 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:55:12.0658 5432 WudfPf - ok
11:55:12.0720 5432 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:55:12.0736 5432 WUDFRd - ok
11:55:12.0829 5432 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:55:12.0829 5432 wudfsvc - ok
11:55:12.0876 5432 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:55:12.0923 5432 WwanSvc - ok
11:55:13.0001 5432 yukonw7 (79d9ce9614c955dd31aa2556b4014662) C:\Windows\system32\DRIVERS\yk62x64.sys
11:55:13.0001 5432 yukonw7 - ok
11:55:13.0032 5432 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
11:55:13.0391 5432 \Device\Harddisk0\DR0 - ok
11:55:13.0438 5432 Boot (0x1200) (da95cc62c3dd36d8f886bc7d401d0b4b) \Device\Harddisk0\DR0\Partition0
11:55:13.0438 5432 \Device\Harddisk0\DR0\Partition0 - ok
11:55:13.0453 5432 Boot (0x1200) (d55f103d8f93626bc96715ce52a9f530) \Device\Harddisk0\DR0\Partition1
11:55:13.0453 5432 \Device\Harddisk0\DR0\Partition1 - ok
11:55:13.0453 5432 ============================================================
11:55:13.0453 5432 Scan finished
11:55:13.0453 5432 ============================================================
11:55:13.0469 5536 Detected object count: 0
11:55:13.0469 5536 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-11 12:03:30
-----------------------------
12:03:30.560 OS Version: Windows x64 6.1.7601 Service Pack 1
12:03:30.560 Number of processors: 2 586 0x170A
12:03:30.560 ComputerName: DELL UserName:
12:03:31.371 Initialize success
12:06:39.269 AVAST engine defs: 12081100
12:06:47.225 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:06:47.241 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
12:06:47.256 Disk 0 MBR read successfully
12:06:47.256 Disk 0 MBR scan
12:06:47.272 Disk 0 Windows VISTA default MBR code
12:06:47.287 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
12:06:47.303 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
12:06:47.319 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290204 MB offset 30801920
12:06:47.350 Disk 0 scanning C:\Windows\system32\drivers
12:07:00.096 Service scanning
12:07:25.074 Modules scanning
12:07:25.074 Disk 0 trace - called modules:
12:07:25.136 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:07:25.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003322060]
12:07:25.152 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002e60050]
12:07:26.525 AVAST engine scan C:\Windows
12:07:33.155 AVAST engine scan C:\Windows\system32
12:11:53.009 AVAST engine scan C:\Windows\system32\drivers
12:12:07.815 AVAST engine scan C:\Users\Craig
12:16:53.191 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
12:16:53.207 The log file has been saved successfully to "E:\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 10:32 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\kpbpbvqkgdkauxe
c:\users\Craig\AppData\Roaming\Hon
c:\users\Craig\AppData\Roaming\Uwryna

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

[b]"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 01:03 PM

ComboFix 12-08-09.01 - Craig 11/08/2012 17:34:35.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1816 [GMT 1:00]
Running from: c:\users\Craig\Desktop\ComboFix.exe
Command switches used :: c:\users\Craig\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Dell
c:\programdata\Dell\DellDock\error_log.txt
c:\programdata\kpbpbvqkgdkauxe
c:\programdata\kpbpbvqkgdkauxe\btn-green.png
c:\programdata\kpbpbvqkgdkauxe\corners-btn.png
c:\programdata\kpbpbvqkgdkauxe\corners1.png
c:\programdata\kpbpbvqkgdkauxe\corners2.png
c:\programdata\kpbpbvqkgdkauxe\corners3.png
c:\programdata\kpbpbvqkgdkauxe\corners4.png
c:\programdata\kpbpbvqkgdkauxe\ie6-7.css
c:\programdata\kpbpbvqkgdkauxe\main.html
c:\programdata\kpbpbvqkgdkauxe\McAfee.png
c:\programdata\kpbpbvqkgdkauxe\pay20.png
c:\programdata\kpbpbvqkgdkauxe\pay21.png
c:\programdata\kpbpbvqkgdkauxe\pay23.png
c:\programdata\kpbpbvqkgdkauxe\steps-en.png
c:\programdata\kpbpbvqkgdkauxe\style.css
c:\programdata\kpbpbvqkgdkauxe\tabs.png
c:\programdata\kpbpbvqkgdkauxe\uk-flag.png
c:\programdata\kpbpbvqkgdkauxe\uk-image.png
c:\programdata\kpbpbvqkgdkauxe\wait.html
c:\users\Craig\AppData\Roaming\Hon
c:\users\Craig\AppData\Roaming\Hon\ywcauxd.kyb
c:\users\Craig\AppData\Roaming\Hon\ywcauxd.tmp
c:\users\Craig\AppData\Roaming\Uwryna
c:\users\Craig\AppData\Roaming\Uwryna\obhu.qui
c:\users\Craig\AppData\Roaming\Uwryna\obhu.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 16:43 . 2012-08-11 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 09:05 . 2012-08-11 09:05 -------- d-----w- c:\program files\CCleaner
2012-08-10 21:13 . 2012-08-10 21:14 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-10 21:05 . 2012-08-10 21:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-10 20:59 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-10 20:59 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-10 20:49 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{604E5609-3486-4C27-94A9-770BA9C76184}\mpengine.dll
2012-08-10 16:05 . 2012-08-10 20:38 -------- d-----w- c:\programdata\HitmanPro
2012-08-10 15:34 . 2012-08-10 15:34 -------- d-----w- c:\program files (x86)\Oracle
2012-08-10 14:26 . 2012-08-10 14:26 -------- d-----w- c:\users\Craig\AppData\Roaming\Simply Super Software
2012-08-10 14:26 . 2012-08-10 20:38 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-08-10 14:26 . 2012-08-10 14:26 -------- d-----w- c:\programdata\Simply Super Software
2012-08-10 13:54 . 2012-08-11 09:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-10 13:54 . 2012-08-10 21:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 18:30 . 2012-04-09 18:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 18:30 . 2011-09-26 18:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-10 22:13 . 2010-04-14 08:37 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 21:06 . 2012-05-02 12:32 772544 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-05 21:06 . 2010-05-03 08:32 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-10 22:17 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-10 21:40 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-10 21:40 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-10 21:40 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-10 21:39 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-10 21:40 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-10 21:40 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-10 21:39 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 12:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 12:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 12:43 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 12:43 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 12:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 12:43 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 12:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-23 12:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-23 12:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-10 22:12 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-10 22:12 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-10 22:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-10 22:12 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-10 22:12 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-10 22:12 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-10 22:12 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-10 22:12 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-10 22:12 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-10 22:12 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-10 22:12 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-10 22:12 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-10 22:12 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-10 22:12 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-10 22:12 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-10 22:12 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-10 22:12 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-10 22:12 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-10 22:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-10 21:39 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-10 21:39 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-10 21:39 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-10 21:39 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-10 21:39 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-10 21:39 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-10 21:39 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-10 21:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-10 21:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 11:25 . 2011-11-18 22:17 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-11_09.46.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-07 18:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-11 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-07 18:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 16:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 18:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 16:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-04-02 11:23 . 2012-08-11 10:54 27106 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-11 10:54 32276 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-07 16:32 . 2012-08-11 16:44 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-07 16:32 . 2012-08-11 09:41 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-07 16:32 . 2012-08-11 16:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-04-07 16:32 . 2012-08-11 09:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 16:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-11 09:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-11 09:48 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-04-07 17:25 . 2012-08-11 10:54 5462 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-433087379-1333064702-3876645287-1001_UserData.bin
- 2012-08-11 09:40 . 2012-08-11 09:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-11 16:44 . 2012-08-11 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-11 16:44 . 2012-08-11 16:44 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-11 09:40 . 2012-08-11 09:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-04-16 07:33 . 2012-08-11 16:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-04-16 07:33 . 2011-04-16 07:33 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-17 16:06 . 2012-08-11 16:27 226670 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:12 . 2012-08-11 08:54 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-08-11 16:52 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-04-10 20:47 . 2012-08-11 16:43 675584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-04-10 20:47 . 2012-08-11 08:07 675584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-11 09:39 274964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-11 16:43 274964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-18 21:53 . 2012-08-11 09:39 2264537 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-433087379-1333064702-3876645287-1001-8192.dat
+ 2011-05-18 21:53 . 2012-08-11 16:43 2264537 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-433087379-1333064702-3876645287-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-07 39408]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify Web Helper"="c:\users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-27 1193176]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2012-04-12 559616]
.
c:\users\Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-16 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-28 1255736]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-05-08 215552]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-05-20 393728]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:30]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 17:29]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-07 17:29]
.
2012-07-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-11 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bt.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2012-08-11 18:59:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 17:59
ComboFix2.txt 2012-08-11 09:52
.
Pre-Run: 234,314,072,064 bytes free
Post-Run: 234,196,480,000 bytes free
.
- - End Of File - - EBA45B6B85779D3082E7C9958BC2D242

Computer seems to be behaving normally at the moment :-)

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 01:13 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 01:24 PM

Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
BT NetProtect Plus
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Express Rip
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java™ 6 Update 32
Java™ 7 Update 5
JavaFX 2.1.1
Juniper Networks Setup Client
Junk Mail filter update
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSVCRT
PowerDVD DX
QuickTime
Roxio Burn
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Spotify
Spybot - Search & Destroy
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VoiceOver Kit
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Yahoo! BrowserPlus 2.9.2

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 01:36 PM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

Java™ 6 Update 32
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 02:21 PM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Craig :: DELL [administrator]

Protection: Enabled

11/08/2012 20:13:16
mbam-log-2012-08-11 (20-13-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196831
Time elapsed: 3 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:19:51, on 11/08/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Craig\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120628222547.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://my.ppg.eu/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13801 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 AM

Posted 11 August 2012 - 02:30 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
      O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Craig\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Dawny123

Dawny123
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 11 August 2012 - 05:34 PM

Hi,

Here is the ESET log:


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application


Thank you for your help, it is getting late here now so I will have to pick this up again tomorrow.

Kind regards

Dawn




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users