
Win64/Sirefef.B - MSE, Windows Firewall, Windows Update will not turn on - Restarts every minute when attempt to use M Security Essentials


  • This topic is locked
29 replies to this topic

#1 StuckDragonfly


Posted 11 August 2012 - 02:01 PM

I recently downloaded the Sims 3 Pets from Origin. Think it's possibly not a coincidence that when I searched through the similar topics for the virus that people had the Sims 3 in their files. I checked the file location for something MalwareBytes picked up and it was created the day I downloaded this game. I can't seem to get rid of this virus. Microsoft Security Essentials, Windows Firewall and Windows Update will not turn on. When I scan with M Security Essentials and with M Security Scanner it gets to a certain point and then comes up saying there is a critical error and the laptop will restart in one minute. What can I do to get rid of this virus? I've uninstalled M Security Essentials now and have installed MalwareBytes. My details are:

64 Bit Operating System
Dell Inspiron N7010
Windows 7 Home Premium

The same restarting seems to happen on MalwareBytes. It's got to the same file on a quick scan three times:

C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U

There are three files inside:

00000001.@
800000cb.@
80000000.@

Once it's identified it, it says it urgently needs to restart.

Microsoft Security Essentials identified it as Win64/Sirefef.B

From MalwareBytes:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Bethany :: BETHANY-PC [administrator]

Protection: Disabled

11/08/2012 19:46:55
mbam-log-2012-08-11 (19-46-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 195309
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@ (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

Am going to do the Farbar scan other people seem to do.

This is also what was asked for:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by Bethany at 20:40:26 on 2012-08-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2445 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\SkypeMate\SkypeMate.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [Google Update] "C:\Users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\Bethany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Bethany\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKYPEM~1.LNK - C:\Program Files (x86)\SkypeMate\SkypeMate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DD206963-A749-461F-91DD-650B060B3655} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E165CA10-A1CE-47B2-9855-2888EB49FBA6} : DhcpNameServer = 172.21.124.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\d928ww13.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Wolfram Research\Browser\8.0.4.2609412\npmathplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bethany\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bethany\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Bethany\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-3-12 98208]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-9-5 393648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-3-12 705856]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-12 2533400]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-11 655944]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-9 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-8 136176]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-11 19:21:41 -------- d-----w- C:\FRST
2012-08-11 17:55:46 328704 ----a-w- C:\Windows\System32\services.exe.D80990AE1303698A
2012-08-11 17:47:19 -------- d-----w- C:\Users\Bethany\AppData\Roaming\Malwarebytes
2012-08-11 17:46:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-11 17:46:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-11 17:46:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-11 17:14:22 328704 ----a-w- C:\Windows\System32\services.exe.8C59D09F16B09653
2012-08-11 17:08:02 328704 ----a-w- C:\Windows\System32\services.exe.0E6597D679960A22
2012-08-11 10:26:56 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-11 10:24:02 -------- d--h--w- C:\ProgramData\Common Files
2012-08-11 10:24:02 -------- d-----w- C:\ProgramData\MFAData
2012-08-11 09:40:39 328704 ----a-w- C:\Windows\System32\services.exe.DD13055FB3D46C40
2012-08-11 09:29:40 328704 ----a-w- C:\Windows\System32\services.exe.28955D1542FA7C4A
2012-08-11 05:45:22 -------- d-----w- C:\Users\Bethany\AppData\Local\{234604D3-FE08-496E-90F1-BABA8BA436BA}
2012-08-11 05:45:01 -------- d-----w- C:\Users\Bethany\AppData\Local\{D7B3C9E6-9C5C-4122-A499-D5589EBD3A3F}
2012-08-10 17:56:44 328704 ----a-w- C:\Windows\System32\services.exe.66EC58DB49070EC9
2012-08-10 09:20:47 -------- d--h--w- C:\Windows\AxInstSV
2012-08-10 06:41:45 328704 ----a-w- C:\Windows\System32\services.exe.6AA1C8156C214009
2012-08-10 06:14:05 -------- d-----w- C:\Users\Bethany\AppData\Local\Macromedia
2012-08-10 05:24:24 -------- d-----w- C:\Users\Bethany\AppData\Local\{157BF054-534D-4D0D-BEAC-830B656700F4}
2012-08-10 05:24:01 -------- d-----w- C:\Users\Bethany\AppData\Local\{C18C6B1F-DEDE-4415-852A-AFC69CB191EA}
2012-08-09 19:30:46 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-09 19:24:11 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-09 16:28:48 -------- d-----w- C:\ProgramData\EA Core
2012-08-09 07:26:12 -------- d-----w- C:\Users\Bethany\AppData\Local\{3DF11251-9326-4674-9C45-F9D4ACE0ED71}
2012-08-09 07:25:51 -------- d-----w- C:\Users\Bethany\AppData\Local\{8502F9A5-6544-4B5A-A622-E8D5D1EE6F58}
2012-08-07 07:03:30 -------- d-----w- C:\Users\Bethany\AppData\Local\{0F31874B-CDD8-46D0-A840-482B5BF55A76}
2012-08-07 07:03:09 -------- d-----w- C:\Users\Bethany\AppData\Local\{2178CC94-7D5A-466E-BC04-D60E71D56168}
2012-08-07 02:07:39 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-10 05:55:08 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 14:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 14:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-03-19 23:24:10 3993600 ----a-w- C:\Program Files (x86)\GUTC4CB.tmp
.
============= FINISH: 20:40:41.50 ===============

Edited by StuckDragonfly, 11 August 2012 - 02:46 PM.
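
A triage sketch for logs like the one above, added here as an example and not part of the original posts or of any tool named in this thread: it scans DDS-style "Created Last 30" lines and Malwarebytes detection lines for three patterns visible in this log. The rule names, the regexes and the choice of these patterns as worth a reviewer's attention are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the DDS and Malwarebytes logs above,
# trimmed so the example runs offline.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-08-11 19:21:41 -------- d-----w- C:\FRST
2012-08-11 17:55:46 328704 ----a-w- C:\Windows\System32\services.exe.D80990AE1303698A
2012-08-11 17:46:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-11 17:14:22 328704 ----a-w- C:\Windows\System32\services.exe.8C59D09F16B09653
2012-08-09 19:24:11 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-07 02:07:39 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
Files Detected: 1
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@ (RootKit.0Access.H) -> Quarantined and deleted successfully.
"""

# One DDS file-listing entry: timestamp, size (or dashes for a directory),
# eight attribute flags, then the full path.
DDS_ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.+)$"
)

# Heuristic 1 (assumption): a System32 executable name followed by a
# 16-hex-digit suffix, like the services.exe.* entries in the log.
SUFFIXED_EXE = re.compile(
    r"\\Windows\\System32\\(?P<base>[^\\]+\.exe)\.(?P<tag>[0-9A-F]{16})$", re.I
)
# Heuristic 2 (assumption): a path component that is a literal, unexpanded
# environment variable name, like System32\%APPDATA% in the log.
LITERAL_ENV_DIR = re.compile(r"\\%[A-Za-z_]+%(\\|$)")
# Heuristic 3: the path shape Malwarebytes quarantined in this thread.
INSTALLER_U = re.compile(
    r"[A-Za-z]:\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\U\\[0-9a-f]{8}\.@", re.I
)


def triage(log_text):
    """Return (rule, timestamp_or_None, path) for every line that matches."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = DDS_ENTRY.match(line)
        if entry:
            path = entry.group("path")
            if SUFFIXED_EXE.search(path):
                findings.append(("suffixed-system-exe", entry.group("ts"), path))
            elif LITERAL_ENV_DIR.search(path):
                findings.append(("literal-env-var-dir", entry.group("ts"), path))
            continue
        # Not a DDS listing line: look for the quarantined path shape anywhere.
        hit = INSTALLER_U.search(line)
        if hit:
            findings.append(("installer-guid-u-file", None, hit.group(0)))
    return findings


def summarize(findings):
    """Count hits per rule and list system executables copied more than once."""
    per_rule = Counter(rule for rule, _, _ in findings)
    copies = Counter()
    for rule, _, path in findings:
        if rule == "suffixed-system-exe":
            copies[SUFFIXED_EXE.search(path).group("base").lower()] += 1
    repeated = {base: n for base, n in copies.items() if n > 1}
    return dict(per_rule), repeated


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for rule, ts, path in results:
        print(f"{rule:24} {ts or '-':19} {path}")
    print(summarize(results))
```

A match is a prompt for a closer look by whoever is reviewing the log, not a verdict about the file.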



#2 gringo_pr


Posted 12 August 2012 - 01:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 StuckDragonfly


Posted 12 August 2012 - 03:42 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 22
Java™ 6 Update 31
Java version out of Date!
Adobe Reader X (10.1.1)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Combofix did not produce a log???

#4 gringo_pr


Posted 12 August 2012 - 03:50 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • First, press the Scan button.
  • It will make a log (FRST.txt)
  • Second, type the following in the edit box after "Search:": services.exe
  • Click the Search button
  • It will make a log (Search.txt)

I want you to post both the FRST.txt report and the Search.txt into your reply to me

Gringo
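An FRST.txt like the one requested here calls out problems with a few fixed markers: "ATTENTION" flags, a hash in place of "MD5 is legit" in the Bamital & volsnap check, and "ZeroAccess:" path blocks. The following is an added example (not part of the original posts and not FRST's own code) of a section-aware parser that pulls those markers out; the sample log is constructed in the layout seen in this thread with placeholder paths, GUID and hash, and `triage` and `Finding` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the FRST.txt posted in this thread.
# Driver name, GUID and hash are placeholders, not real indicators.
SAMPLE_LOG = r"""========================== Drivers (Whitelisted) =============

0 0123456789abcdef; C:\Windows\System32\Drivers\0123456789abcdef.sys [83408 2012-08-10] () ATTENTION =====> Rootkit?
1 exampledrv; C:\Windows\system32\drivers\exampledrv.sys [31080 2012-08-11] (Example Vendor)

ZeroAccess:
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}
C:\Windows\Installer\{00000000-0000-0000-0000-000000000000}\U

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 00112233445566778899AABBCCDDEEFF ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
"""

# "===== Title =====" section banners; a line made only of "=" is not a banner.
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+$")
# "<path> <32 hex digits> <label> <==== ATTENTION!." in the system-file check.
HASH_RE = re.compile(r"^(?P<path>.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\b\s*(?P<note>.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "hash-mismatch", "tool-flagged" or "zeroaccess-paths"
    line_no: int   # 1-based line where the finding starts
    section: str   # log section the line was found in
    detail: str


def triage(log_text):
    """Return the entries the log itself marks as suspicious, in file order."""
    findings = []
    section = "(preamble)"
    za_start, za_paths = None, []

    def close_zeroaccess():
        # Emit one finding per "ZeroAccess:" block, naming its root folder.
        nonlocal za_start, za_paths
        if za_start is not None and za_paths:
            root = min(za_paths, key=len)
            findings.append(Finding("zeroaccess-paths", za_start, "ZeroAccess",
                                    f"{len(za_paths)} path(s) under {root}"))
        za_start, za_paths = None, []

    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if za_start is not None:
            # A block runs until a blank line, a banner or another block.
            if line and not SECTION_RE.match(line) and line != "ZeroAccess:":
                za_paths.append(line)
                continue
            close_zeroaccess()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line == "ZeroAccess:":
            za_start = line_no
            continue
        if section.startswith("Bamital"):
            if line.endswith("=> MD5 is legit"):
                continue
            m = HASH_RE.match(line)
            if m:
                note = m.group("note").split("<")[0].strip() or "unrecognised"
                findings.append(Finding(
                    "hash-mismatch", line_no, section,
                    f"{m.group('path')} md5={m.group('md5').upper()} ({note})"))
                continue
        if "ATTENTION" in line:
            findings.append(Finding("tool-flagged", line_no, section, line))
    close_zeroaccess()
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.line_no:>4} [{f.kind}] {f.section}: {f.detail}")
```
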

#5 StuckDragonfly

StuckDragonfly
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 12 August 2012 - 04:36 AM

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 12-08-2012 12:26:10
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [161304 2010-07-29] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2010-07-29] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [415256 2010-07-29] (Intel Corporation)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [207845 2011-05-30] ()
HKLM\...\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [4144448 2010-11-10] (Dell, Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2825741 2011-05-30] ()
HKLM-x32\...\Run: [Conime] %windir%\system32\conime.exe [x]
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2922496 2011-06-16] (Eastman Kodak Company)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [x]
HKU\Bethany\...\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [x]
HKU\Bethany\...\Run: [Google Update] "C:\Users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-15] (Google Inc.)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-04] (Dell)
HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Bethany\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Bethany\Start Menu\Programs\Startup\SkypeMate.lnk
ShortcutTarget: SkypeMate.lnk -> C:\Program Files (x86)\SkypeMate\SkypeMate.exe (Yealink)

==================== Services (Whitelisted) ======

3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 RoxWatch12; "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe" [219632 2010-11-25] (Sonic Solutions)
3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2010-11-08] (MicroVision Development, Inc.)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-07-01] (Intel Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

0 2797f20f81f8c8c1; C:\Windows\System32\Drivers\2797f20f81f8c8c1.sys [83408 2012-08-10] () ATTENTION =====> Rootkit?
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-11] (AVG Technologies)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-12 03:28 - 2012-08-12 11:20 - 00000000 ____D C:\Qoobox
2012-08-12 03:27 - 2012-08-12 03:27 - 00000081 ____A C:\Users\Bethany\Desktop\Win64Sirefef.B - MSE, Windows Firewall, Windows Update will not turn on - Restarts every minute when attempt to use M Securi.URL
2012-08-12 01:13 - 2012-08-12 01:13 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{C2310892-0F73-40CB-837D-A32147BABA68}
2012-08-12 01:13 - 2012-08-12 01:13 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{9DB89521-D0BC-40A0-8E4C-D09537C9339A}
2012-08-12 01:13 - 2012-08-12 01:13 - 00000000 ____D C:\Users\Bethany\Local Settings\{C2310892-0F73-40CB-837D-A32147BABA68}
2012-08-12 01:13 - 2012-08-12 01:13 - 00000000 ____D C:\Users\Bethany\Local Settings\{9DB89521-D0BC-40A0-8E4C-D09537C9339A}
2012-08-12 01:13 - 2012-08-12 01:13 - 00000000 ____D C:\Users\Bethany\AppData\Local\{C2310892-0F73-40CB-837D-A32147BABA68}
2012-08-12 01:13 - 2012-08-12 01:13 - 00000000 ____D C:\Users\Bethany\AppData\Local\{9DB89521-D0BC-40A0-8E4C-D09537C9339A}
2012-08-11 17:07 - 2012-08-11 17:07 - 56469504 ____A C:\Users\Bethany\Downloads\eav_nt64_enu.msi
2012-08-11 17:06 - 2012-08-11 17:06 - 01378744 ____A (ESET) C:\Users\Bethany\Downloads\eset_nod32_antivirus_live_installer(1).exe
2012-08-11 17:01 - 2012-08-11 17:01 - 01378744 ____A (ESET) C:\Users\Bethany\Downloads\eset_nod32_antivirus_live_installer.exe
2012-08-11 16:59 - 2012-08-11 17:01 - 00000000 ____D C:\Users\All Users\ESET
2012-08-11 16:59 - 2012-08-11 17:01 - 00000000 ____D C:\Users\All Users\Application Data\ESET
2012-08-11 16:59 - 2012-08-11 17:01 - 00000000 ____D C:\Program Files\ESET
2012-08-11 16:57 - 2012-08-11 16:57 - 01374624 ____A (ESET) C:\Users\Bethany\Downloads\eset_smart_security_live_installer.exe
2012-08-11 16:53 - 2012-08-11 16:53 - 00000145 ____A C:\Users\Bethany\Desktop\ESET Download For Home.URL
2012-08-11 15:36 - 2012-08-11 15:36 - 02322184 ____A (ESET) C:\Users\Bethany\Downloads\esetsmartinstaller_enu.exe
2012-08-11 15:36 - 2012-08-11 15:36 - 00000000 ____D C:\Program Files (x86)\ESET
2012-08-11 14:49 - 2012-08-12 03:44 - 00000000 ____D C:\Users\Bethany\Desktop\Virus Details
2012-08-11 14:36 - 2012-08-11 14:36 - 00607260 ____R (Swearware) C:\Users\Bethany\Downloads\dds.com
2012-08-11 14:35 - 2012-08-11 14:35 - 00000000 ____A C:\Users\Bethany\defogger_reenable
2012-08-11 14:34 - 2012-08-11 14:34 - 00050477 ____A C:\Users\Bethany\Downloads\Defogger.exe
2012-08-11 14:22 - 2012-08-11 14:24 - 00022476 ____A C:\Users\Bethany\Downloads\FRST.txt
2012-08-11 14:22 - 2012-08-11 14:22 - 01439703 ____A (Farbar) C:\Users\Bethany\Downloads\FRST64(1).exe
2012-08-11 14:21 - 2012-08-11 14:23 - 00000000 ____D C:\FRST
2012-08-11 14:21 - 2012-08-11 14:21 - 01439703 ____A (Farbar) C:\Users\Bethany\Downloads\FRST64.exe
2012-08-11 12:55 - 2012-08-11 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D80990AE1303698A
2012-08-11 12:47 - 2012-08-11 12:47 - 00000000 ____D C:\Users\Bethany\Application Data\Malwarebytes
2012-08-11 12:47 - 2012-08-11 12:47 - 00000000 ____D C:\Users\Bethany\AppData\Roaming\Malwarebytes
2012-08-11 12:46 - 2012-08-11 12:46 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-11 12:46 - 2012-08-11 12:46 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes
2012-08-11 12:45 - 2012-08-11 12:46 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bethany\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-11 12:14 - 2012-08-11 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C59D09F16B09653
2012-08-11 12:08 - 2012-08-11 12:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E6597D679960A22
2012-08-11 12:03 - 2012-08-11 12:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(4).exe
2012-08-11 11:52 - 2012-08-11 11:53 - 74550304 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\msert(1).exe
2012-08-11 08:01 - 2012-08-11 08:01 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(3).exe
2012-08-11 07:21 - 2012-08-11 07:21 - 74544184 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\msert.exe
2012-08-11 05:26 - 2012-08-11 05:26 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-11 05:24 - 2012-08-11 06:36 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-11 05:24 - 2012-08-11 06:36 - 00000000 ____D C:\Users\All Users\Application Data\MFAData
2012-08-11 05:23 - 2012-08-11 05:23 - 03879800 ____A (AVG Technologies) C:\Users\Bethany\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-11 04:40 - 2012-08-11 04:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD13055FB3D46C40
2012-08-11 04:31 - 2012-08-12 05:22 - 00001008 ____A C:\Windows\setupact.log
2012-08-11 04:31 - 2012-08-11 04:31 - 00000000 ____A C:\Windows\setuperr.log
2012-08-11 04:29 - 2012-08-11 04:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28955D1542FA7C4A
2012-08-11 04:16 - 2012-08-11 04:16 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(2).exe
2012-08-11 04:10 - 2012-08-11 04:10 - 05154304 ____A C:\Users\Bethany\Downloads\WindowsDefender.msi
2012-08-11 00:45 - 2012-08-11 00:45 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{D7B3C9E6-9C5C-4122-A499-D5589EBD3A3F}
2012-08-11 00:45 - 2012-08-11 00:45 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{234604D3-FE08-496E-90F1-BABA8BA436BA}
2012-08-11 00:45 - 2012-08-11 00:45 - 00000000 ____D C:\Users\Bethany\Local Settings\{D7B3C9E6-9C5C-4122-A499-D5589EBD3A3F}
2012-08-11 00:45 - 2012-08-11 00:45 - 00000000 ____D C:\Users\Bethany\Local Settings\{234604D3-FE08-496E-90F1-BABA8BA436BA}
2012-08-11 00:45 - 2012-08-11 00:45 - 00000000 ____D C:\Users\Bethany\AppData\Local\{D7B3C9E6-9C5C-4122-A499-D5589EBD3A3F}
2012-08-11 00:45 - 2012-08-11 00:45 - 00000000 ____D C:\Users\Bethany\AppData\Local\{234604D3-FE08-496E-90F1-BABA8BA436BA}
2012-08-10 12:56 - 2012-08-10 12:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66EC58DB49070EC9
2012-08-10 12:40 - 2012-08-10 12:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(1).exe
2012-08-10 04:20 - 2012-08-10 04:20 - 00000000 ___HD C:\Windows\AxInstSV
2012-08-10 01:41 - 2012-08-10 01:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AA1C8156C214009
2012-08-10 01:27 - 2012-08-10 01:27 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall.exe
2012-08-10 01:14 - 2012-08-10 01:14 - 00000000 ____D C:\Users\Bethany\Local Settings\Macromedia
2012-08-10 01:14 - 2012-08-10 01:14 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\Macromedia
2012-08-10 01:14 - 2012-08-10 01:14 - 00000000 ____D C:\Users\Bethany\AppData\Local\Macromedia
2012-08-10 00:25 - 2012-08-10 00:25 - 00083408 ____A C:\Windows\System32\Drivers\2797f20f81f8c8c1.sys
2012-08-10 00:24 - 2012-08-10 00:24 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{C18C6B1F-DEDE-4415-852A-AFC69CB191EA}
2012-08-10 00:24 - 2012-08-10 00:24 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{157BF054-534D-4D0D-BEAC-830B656700F4}
2012-08-10 00:24 - 2012-08-10 00:24 - 00000000 ____D C:\Users\Bethany\Local Settings\{C18C6B1F-DEDE-4415-852A-AFC69CB191EA}
2012-08-10 00:24 - 2012-08-10 00:24 - 00000000 ____D C:\Users\Bethany\Local Settings\{157BF054-534D-4D0D-BEAC-830B656700F4}
2012-08-10 00:24 - 2012-08-10 00:24 - 00000000 ____D C:\Users\Bethany\AppData\Local\{C18C6B1F-DEDE-4415-852A-AFC69CB191EA}
2012-08-10 00:24 - 2012-08-10 00:24 - 00000000 ____D C:\Users\Bethany\AppData\Local\{157BF054-534D-4D0D-BEAC-830B656700F4}
2012-08-09 14:30 - 2012-08-11 15:55 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-09 14:30 - 2012-08-10 00:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-09 14:30 - 2012-08-09 14:30 - 00000000 ____D C:\Windows\System32\Macromed
2012-08-09 14:24 - 2012-08-09 14:24 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-09 11:49 - 2012-08-09 11:49 - 00000000 __RHD C:\Users\Bethany\Application Data\SecuROM
2012-08-09 11:49 - 2012-08-09 11:49 - 00000000 __RHD C:\Users\Bethany\AppData\Roaming\SecuROM
2012-08-09 11:28 - 2012-08-09 11:28 - 00000000 ____D C:\Users\All Users\EA Core
2012-08-09 11:28 - 2012-08-09 11:28 - 00000000 ____D C:\Users\All Users\Application Data\EA Core
2012-08-09 11:04 - 2012-08-09 11:04 - 00000539 ____A C:\Windows\KB893803v2.log
2012-08-09 11:03 - 2012-08-09 11:03 - 16909472 ____A (Electronic Arts, Inc.) C:\Users\Bethany\Downloads\OriginThinSetup.exe
2012-08-09 02:26 - 2012-08-09 02:26 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{3DF11251-9326-4674-9C45-F9D4ACE0ED71}
2012-08-09 02:26 - 2012-08-09 02:26 - 00000000 ____D C:\Users\Bethany\Local Settings\{3DF11251-9326-4674-9C45-F9D4ACE0ED71}
2012-08-09 02:26 - 2012-08-09 02:26 - 00000000 ____D C:\Users\Bethany\AppData\Local\{3DF11251-9326-4674-9C45-F9D4ACE0ED71}
2012-08-09 02:25 - 2012-08-09 02:26 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{8502F9A5-6544-4B5A-A622-E8D5D1EE6F58}
2012-08-09 02:25 - 2012-08-09 02:26 - 00000000 ____D C:\Users\Bethany\Local Settings\{8502F9A5-6544-4B5A-A622-E8D5D1EE6F58}
2012-08-09 02:25 - 2012-08-09 02:26 - 00000000 ____D C:\Users\Bethany\AppData\Local\{8502F9A5-6544-4B5A-A622-E8D5D1EE6F58}
2012-08-07 02:03 - 2012-08-07 02:03 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{2178CC94-7D5A-466E-BC04-D60E71D56168}
2012-08-07 02:03 - 2012-08-07 02:03 - 00000000 ____D C:\Users\Bethany\Local Settings\Application Data\{0F31874B-CDD8-46D0-A840-482B5BF55A76}
2012-08-07 02:03 - 2012-08-07 02:03 - 00000000 ____D C:\Users\Bethany\Local Settings\{2178CC94-7D5A-466E-BC04-D60E71D56168}
2012-08-07 02:03 - 2012-08-07 02:03 - 00000000 ____D C:\Users\Bethany\Local Settings\{0F31874B-CDD8-46D0-A840-482B5BF55A76}
2012-08-07 02:03 - 2012-08-07 02:03 - 00000000 ____D C:\Users\Bethany\AppData\Local\{2178CC94-7D5A-466E-BC04-D60E71D56168}
2012-08-07 02:03 - 2012-08-07 02:03 - 00000000 ____D C:\Users\Bethany\AppData\Local\{0F31874B-CDD8-46D0-A840-482B5BF55A76}
2012-08-06 21:07 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-08-06 11:16 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-08-06 11:16 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-08-06 11:16 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-08-06 11:16 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-08-06 11:16 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-08-06 11:16 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-08-06 11:16 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-08-06 11:16 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-08-06 11:16 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-08-06 11:16 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-08-06 11:16 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-08-06 11:16 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-08-06 11:16 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-08-06 11:16 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-08-06 11:16 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-08-06 11:16 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-08-06 11:16 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-08-06 11:16 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-08-06 11:16 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll


============ 3 Months Modified Files ========================

2012-08-12 05:22 - 2012-08-11 04:31 - 00001008 ____A C:\Windows\setupact.log
2012-08-12 05:22 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-12 03:27 - 2012-08-12 03:27 - 00000081 ____A C:\Users\Bethany\Desktop\Win64Sirefef.B - MSE, Windows Firewall, Windows Update will not turn on - Restarts every minute when attempt to use M Securi.URL
2012-08-11 17:07 - 2012-08-11 17:07 - 56469504 ____A C:\Users\Bethany\Downloads\eav_nt64_enu.msi
2012-08-11 17:06 - 2012-08-11 17:06 - 01378744 ____A (ESET) C:\Users\Bethany\Downloads\eset_nod32_antivirus_live_installer(1).exe
2012-08-11 17:02 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-11 17:02 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-11 17:01 - 2012-08-11 17:01 - 01378744 ____A (ESET) C:\Users\Bethany\Downloads\eset_nod32_antivirus_live_installer.exe
2012-08-11 17:01 - 2009-07-14 00:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-11 16:57 - 2012-08-11 16:57 - 01374624 ____A (ESET) C:\Users\Bethany\Downloads\eset_smart_security_live_installer.exe
2012-08-11 16:55 - 2011-09-08 05:28 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-11 16:53 - 2012-08-11 16:53 - 00000145 ____A C:\Users\Bethany\Desktop\ESET Download For Home.URL
2012-08-11 16:34 - 2011-09-08 05:28 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-11 16:17 - 2011-12-10 17:34 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2680311957-1608801264-3090932800-1001UA.job
2012-08-11 15:55 - 2012-08-09 14:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-11 15:36 - 2012-08-11 15:36 - 02322184 ____A (ESET) C:\Users\Bethany\Downloads\esetsmartinstaller_enu.exe
2012-08-11 14:36 - 2012-08-11 14:36 - 00607260 ____R (Swearware) C:\Users\Bethany\Downloads\dds.com
2012-08-11 14:35 - 2012-08-11 14:35 - 00000000 ____A C:\Users\Bethany\defogger_reenable
2012-08-11 14:34 - 2012-08-11 14:34 - 00050477 ____A C:\Users\Bethany\Downloads\Defogger.exe
2012-08-11 14:24 - 2012-08-11 14:22 - 00022476 ____A C:\Users\Bethany\Downloads\FRST.txt
2012-08-11 14:22 - 2012-08-11 14:22 - 01439703 ____A (Farbar) C:\Users\Bethany\Downloads\FRST64(1).exe
2012-08-11 14:21 - 2012-08-11 14:21 - 01439703 ____A (Farbar) C:\Users\Bethany\Downloads\FRST64.exe
2012-08-11 14:07 - 2011-03-11 23:41 - 00036886 ____A C:\Windows\PFRO.log
2012-08-11 13:44 - 2012-04-18 04:04 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-08-11 13:14 - 2011-09-10 13:01 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-11 12:55 - 2012-08-11 12:55 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D80990AE1303698A
2012-08-11 12:46 - 2012-08-11 12:45 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Bethany\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-11 12:14 - 2012-08-11 12:14 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8C59D09F16B09653
2012-08-11 12:08 - 2012-08-11 12:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0E6597D679960A22
2012-08-11 12:06 - 2009-07-14 00:10 - 02070150 ____A C:\Windows\WindowsUpdate.log
2012-08-11 12:04 - 2011-09-10 13:07 - 00787942 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-11 12:03 - 2012-08-11 12:03 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(4).exe
2012-08-11 11:53 - 2012-08-11 11:52 - 74550304 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\msert(1).exe
2012-08-11 11:47 - 2012-04-18 04:04 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-08-11 11:17 - 2011-12-10 17:34 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2680311957-1608801264-3090932800-1001Core.job
2012-08-11 08:01 - 2012-08-11 08:01 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(3).exe
2012-08-11 07:21 - 2012-08-11 07:21 - 74544184 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\msert.exe
2012-08-11 05:26 - 2012-08-11 05:26 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-11 05:23 - 2012-08-11 05:23 - 03879800 ____A (AVG Technologies) C:\Users\Bethany\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-11 04:40 - 2012-08-11 04:40 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.DD13055FB3D46C40
2012-08-11 04:31 - 2012-08-11 04:31 - 00000000 ____A C:\Windows\setuperr.log
2012-08-11 04:29 - 2012-08-11 04:29 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.28955D1542FA7C4A
2012-08-11 04:16 - 2012-08-11 04:16 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(2).exe
2012-08-11 04:10 - 2012-08-11 04:10 - 05154304 ____A C:\Users\Bethany\Downloads\WindowsDefender.msi
2012-08-10 12:56 - 2012-08-10 12:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66EC58DB49070EC9
2012-08-10 12:40 - 2012-08-10 12:40 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall(1).exe
2012-08-10 01:41 - 2012-08-10 01:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AA1C8156C214009
2012-08-10 01:27 - 2012-08-10 01:27 - 12621696 ____A (Microsoft Corporation) C:\Users\Bethany\Downloads\mseinstall.exe
2012-08-10 00:55 - 2012-08-09 14:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-10 00:55 - 2011-08-06 15:34 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-10 00:25 - 2012-08-10 00:25 - 00083408 ____A C:\Windows\System32\Drivers\2797f20f81f8c8c1.sys
2012-08-09 11:04 - 2012-08-09 11:04 - 00000539 ____A C:\Windows\KB893803v2.log
2012-08-09 11:03 - 2012-08-09 11:03 - 16909472 ____A (Electronic Arts, Inc.) C:\Users\Bethany\Downloads\OriginThinSetup.exe
2012-08-06 21:25 - 2009-07-13 23:45 - 00369088 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-06 21:01 - 2011-08-11 13:40 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-18 13:59 - 2012-06-18 13:59 - 00000081 ____A C:\Users\Bethany\Desktop\Brain Atlas.URL
2012-06-18 13:57 - 2012-06-18 13:57 - 00000079 ____A C:\Users\Bethany\Desktop\Cognition.URL
2012-06-18 13:53 - 2012-06-18 13:53 - 00000064 ____A C:\Users\Bethany\Desktop\Home Nature Neuroscience.URL
2012-06-18 06:37 - 2012-06-18 06:37 - 03862112 ____A (Piriform Ltd) C:\Users\Bethany\Downloads\ccsetup319.exe
2012-06-18 06:18 - 2012-06-18 06:18 - 03594744 ____A (Piriform Ltd) C:\Users\Bethany\Downloads\dfsetup210.exe
2012-06-17 17:29 - 2012-06-17 17:29 - 00000060 ____A C:\Users\Bethany\Desktop\WordPress.com Log In.URL
2012-06-14 15:51 - 2011-08-08 12:16 - 00020480 ____A C:\Users\Bethany\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-14 15:51 - 2011-08-08 12:16 - 00020480 ____A C:\Users\Bethany\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-14 15:51 - 2011-08-08 12:16 - 00020480 ____A C:\Users\Bethany\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-11 22:08 - 2012-08-06 21:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-08-06 11:16 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-08-06 11:16 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-08-06 11:16 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-08-06 11:16 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-08-06 11:16 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-08-06 11:16 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-08-06 11:16 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-08-06 11:16 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-21 01:55 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-21 01:55 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-21 01:55 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-21 01:55 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-21 01:55 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-21 01:55 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-21 01:55 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 09:19 - 2012-06-21 01:55 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 09:15 - 2012-06-21 01:55 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 00:50 - 2012-08-06 11:16 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-08-06 11:16 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-08-06 11:16 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-08-06 11:16 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-08-06 11:16 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-08-06 11:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-08-06 11:16 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-08-06 11:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-08-06 11:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll


ZeroAccess:
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\800000cb.@

ZeroAccess:
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\L
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%
Total physical RAM: 3892.52 MB
Available physical RAM: 3318.06 MB
Total Pagefile: 3890.67 MB
Available Pagefile: 3315.48 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:406.17 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:5.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (KINGSTON) (Removable) (Total:3.72 GB) (Free:1.93 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    Online         3816 MB      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM                101 MB    31 KB
  Partition 2    Primary             14 GB   102 MB
  Partition 3    Primary            451 GB    14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4                      FAT    Partition    101 MB  Healthy    Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     E   RECOVERY     NTFS   Partition     14 GB  Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     C   OS           NTFS   Partition    451 GB  Healthy

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           3814 MB  1116 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   KINGSTON     FAT32  Removable   3814 MB  Healthy

==================================================================================

Last Boot: 2012-08-06 21:05

======================= End Of Log ==========================

Result of the second scan:

Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-12 12:29:09
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

#6 StuckDragonfly

StuckDragonfly
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:06 PM

Posted 12 August 2012 - 06:34 AM

Will this virus be fixable or will I have to have my laptop completely wiped and set up anew?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 12 August 2012 - 12:09 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
C:\Windows\assembly\GAC\Desktop.ini 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}
2012-08-10 00:25 - 2012-08-10 00:25 - 00083408 ____A C:\Windows\System32\Drivers\2797f20f81f8c8c1.sys
0 2797f20f81f8c8c1; C:\Windows\System32\Drivers\2797f20f81f8c8c1.sys [83408 2012-08-10] () ATTENTION =====> Rootkit?


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#8 StuckDragonfly

Posted 12 August 2012 - 12:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-12 19:46:09 Run:1
Running from E:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\assembly\GAC_32\Desktop.ini not found.
C:\Windows\assembly\GAC_64\Desktop.ini not found.
C:\Windows\assembly\GAC\Desktop.ini not found.

The operation completed successfully.
C:\Windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.
C:\Users\Bethany\AppData\Local\{c614d3bf-243a-3fd7-a4fd-36cd3756874b} moved successfully.
C:\Windows\System32\Drivers\2797f20f81f8c8c1.sys moved successfully.
2797f20f81f8c8c1 service deleted successfully.

==== End of Fixlog ====

Will this have fully fixed my laptop? Or does something else need to be done? There is also a Trojan called hysoxqihotur and one called regedit that seemed to be on here. :(

If you manage to help me fully fix this, I'll donate. ^^

I still cannot turn on Windows Firewall. It has the same virus error as before, 0x80070424.

Edited by StuckDragonfly, 12 August 2012 - 12:54 PM.


#9 gringo_pr

Posted 12 August 2012 - 01:33 PM

I want you to run ComboFix for me now.


gringo

#10 StuckDragonfly

Posted 12 August 2012 - 02:02 PM

After this log came up, I clicked to go on Firefox but it said it was in a registry key marked for deletion. So I restarted the laptop and Firefox works again. Will the laptop be fixed now?

ComboFix 12-08-10.02 - Bethany 12/08/2012 19:36:39.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2556 [GMT 1:00]
Running from: c:\users\Bethany\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\140239b3-d59a-46fa-b856-17682a46cb44.dll
c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
c:\users\Bethany\AppData\Roaming\B2F93FD7.reg
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\00000001.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\80000000.@
c:\windows\Installer\{c614d3bf-243a-3fd7-a4fd-36cd3756874b}\U\800000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 18:41 . 2012-08-12 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 17:04 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-12 17:03 . 2012-08-12 17:11 -------- d-----w- c:\programdata\AVAST Software
2012-08-12 17:03 . 2012-08-12 17:03 -------- d-----w- c:\program files\AVAST Software
2012-08-12 16:25 . 2012-08-12 16:25 -------- d-----w- c:\users\Bethany\AppData\Local\ElevatedDiagnostics
2012-08-12 16:03 . 2012-08-12 16:46 -------- d-----w- c:\users\Bethany\AppData\Roaming\CheckPoint
2012-08-12 15:58 . 2012-08-12 15:58 126 ----a-w- C:\user.js
2012-08-12 15:58 . 2012-08-12 15:58 -------- d-----w- c:\programdata\CheckPoint
2012-08-11 21:59 . 2012-08-11 22:01 -------- d-----w- c:\program files\ESET
2012-08-11 19:21 . 2012-08-11 19:23 -------- d-----w- C:\FRST
2012-08-11 17:55 . 2012-08-11 17:55 328704 ----a-w- c:\windows\system32\services.exe.D80990AE1303698A
2012-08-11 17:47 . 2012-08-11 17:47 -------- d-----w- c:\users\Bethany\AppData\Roaming\Malwarebytes
2012-08-11 17:46 . 2012-08-11 17:46 -------- d-----w- c:\programdata\Malwarebytes
2012-08-11 17:14 . 2012-08-11 17:14 328704 ----a-w- c:\windows\system32\services.exe.8C59D09F16B09653
2012-08-11 17:08 . 2012-08-11 17:08 328704 ----a-w- c:\windows\system32\services.exe.0E6597D679960A22
2012-08-11 10:26 . 2012-08-11 10:26 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-11 10:24 . 2012-08-11 11:36 -------- d-----w- c:\programdata\MFAData
2012-08-11 10:24 . 2012-08-11 10:24 -------- d--h--w- c:\programdata\Common Files
2012-08-11 09:40 . 2012-08-11 09:40 328704 ----a-w- c:\windows\system32\services.exe.DD13055FB3D46C40
2012-08-11 09:29 . 2012-08-11 09:29 328704 ----a-w- c:\windows\system32\services.exe.28955D1542FA7C4A
2012-08-10 17:56 . 2012-08-10 17:56 328704 ----a-w- c:\windows\system32\services.exe.66EC58DB49070EC9
2012-08-10 09:20 . 2012-08-10 09:20 -------- d--h--w- c:\windows\AxInstSV
2012-08-10 06:41 . 2012-08-10 06:41 328704 ----a-w- c:\windows\system32\services.exe.6AA1C8156C214009
2012-08-10 06:14 . 2012-08-10 06:14 -------- d-----w- c:\users\Bethany\AppData\Local\Macromedia
2012-08-09 19:30 . 2012-08-10 05:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 19:30 . 2012-08-09 19:30 -------- d-----w- c:\windows\system32\Macromed
2012-08-09 19:24 . 2012-08-09 19:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 16:49 . 2012-08-09 16:49 -------- d--h--r- c:\users\Bethany\AppData\Roaming\SecuROM
2012-08-09 16:28 . 2012-08-09 16:28 -------- d-----w- c:\programdata\EA Core
2012-08-07 02:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 05:55 . 2011-08-06 20:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-07 02:01 . 2011-08-11 18:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 06:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:55 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 06:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 06:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-13 19:23 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 19:23 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 19:23 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-19 23:24 . 2012-03-19 23:24 3993600 ----a-w- c:\program files (x86)\GUTC4CB.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
c:\users\Bethany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
SkypeMate.lnk - c:\program files (x86)\SkypeMate\SkypeMate.exe [2011-7-11 670720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-07 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-11 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-31 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 05:55]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 10:28]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 10:28]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2680311957-1608801264-3090932800-1001Core.job
- c:\users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 19:14]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2680311957-1608801264-3090932800-1001UA.job
- c:\users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 19:14]
.
2012-08-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=b4b799a80000000000008ca98241083d
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\d928ww13.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=b4b799a80000000000008ca98241083d
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=b4b799a80000000000008ca98241083d
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=b4b799a80000000000008ca98241083d&q=
FF - user.js: extensions.zonealarm.id - b4b799a80000000000008ca98241083d
FF - user.js: extensions.zonealarm.instlDay - 15564
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.416:58
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114250670732058-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - true
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe
Wow6432Node-HKLM-Run-ZoneAlarm Installer - c:\program files (x86)\CheckPoint\Install\Launcher.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2680311957-1608801264-3090932800-1001\Software\SecuROM\License information*]
"datasecu"=hex:55,2f,97,a7,1b,fa,c2,5a,d2,d2,d9,8e,0d,dd,4b,be,04,a3,a3,2a,f4,
00,da,aa,0b,26,0a,a3,15,0a,50,cd,56,09,48,74,c2,08,65,a7,75,b3,86,db,f0,c0,\
"rkeysecu"=hex:1a,fb,98,b2,88,c9,28,54,e6,25,f6,84,ca,58,f9,e9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-08-12 19:48:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-12 18:48
.
Pre-Run: 434,973,663,232 bytes free
Post-Run: 435,220,566,016 bytes free
.
- - End Of File - - 298BCE72693F3699217A7523FC5EAE3D

#11 gringo_pr

Posted 12 August 2012 - 02:05 PM

Greetings

It takes a little more than that - we have to make sure it all has been removed.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#12 StuckDragonfly


Posted 12 August 2012 - 02:31 PM

20:10:14.0285 3720 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:10:14.0426 3720 ============================================================
20:10:14.0426 3720 Current date / time: 2012/08/12 20:10:14.0426
20:10:14.0426 3720 SystemInfo:
20:10:14.0426 3720
20:10:14.0426 3720 OS Version: 6.1.7601 ServicePack: 1.0
20:10:14.0426 3720 Product type: Workstation
20:10:14.0426 3720 ComputerName: BETHANY-PC
20:10:14.0426 3720 UserName: Bethany
20:10:14.0426 3720 Windows directory: C:\Windows
20:10:14.0426 3720 System windows directory: C:\Windows
20:10:14.0426 3720 Running under WOW64
20:10:14.0426 3720 Processor architecture: Intel x64
20:10:14.0426 3720 Number of processors: 2
20:10:14.0426 3720 Page size: 0x1000
20:10:14.0426 3720 Boot type: Normal boot
20:10:14.0426 3720 ============================================================
20:10:14.0909 3720 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:10:14.0909 3720 ============================================================
20:10:14.0909 3720 \Device\Harddisk0\DR0:
20:10:14.0909 3720 MBR partitions:
20:10:14.0909 3720 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1D4C000
20:10:14.0909 3720 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7F000, BlocksNum 0x38606830
20:10:14.0909 3720 ============================================================
20:10:14.0941 3720 C: <-> \Device\Harddisk0\DR0\Partition1
20:10:14.0941 3720 ============================================================
20:10:14.0941 3720 Initialize success
20:10:14.0941 3720 ============================================================
20:11:05.0188 3628 ============================================================
20:11:05.0188 3628 Scan started
20:11:05.0188 3628 Mode: Manual;
20:11:05.0188 3628 ============================================================
20:11:22.0270 3628 Parport - ok
20:11:22.0301 3628 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:11:22.0301 3628 partmgr - ok
20:11:22.0317 3628 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:11:22.0333 3628 PcaSvc - ok
20:11:22.0379 3628 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:11:22.0379 3628 pci - ok
20:11:22.0411 3628 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:11:22.0411 3628 pciide - ok
20:11:22.0442 3628 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:11:22.0457 3628 pcmcia - ok
20:11:22.0473 3628 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:11:22.0473 3628 pcw - ok
20:11:22.0520 3628 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:11:22.0551 3628 PEAUTH - ok
20:11:22.0613 3628 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:11:22.0613 3628 PerfHost - ok
20:11:22.0707 3628 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:11:22.0769 3628 pla - ok
20:11:22.0847 3628 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:11:22.0863 3628 PlugPlay - ok
20:11:22.0879 3628 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:11:22.0894 3628 PNRPAutoReg - ok
20:11:22.0925 3628 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:11:22.0941 3628 PNRPsvc - ok
20:11:22.0972 3628 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:11:23.0003 3628 PolicyAgent - ok
20:11:23.0035 3628 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:11:23.0035 3628 Power - ok
20:11:23.0113 3628 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:11:23.0128 3628 PptpMiniport - ok
20:11:23.0159 3628 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:11:23.0159 3628 Processor - ok
20:11:23.0206 3628 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:11:23.0222 3628 ProfSvc - ok
20:11:23.0237 3628 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:23.0237 3628 ProtectedStorage - ok
20:11:23.0315 3628 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:11:23.0315 3628 Psched - ok
20:11:23.0378 3628 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:11:23.0378 3628 PxHlpa64 - ok
20:11:23.0518 3628 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:11:23.0581 3628 ql2300 - ok
20:11:23.0721 3628 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:11:23.0721 3628 ql40xx - ok
20:11:23.0752 3628 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:11:23.0768 3628 QWAVE - ok
20:11:23.0783 3628 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:11:23.0783 3628 QWAVEdrv - ok
20:11:23.0893 3628 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
20:11:23.0893 3628 RapiMgr - ok
20:11:23.0908 3628 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:11:23.0924 3628 RasAcd - ok
20:11:23.0971 3628 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:11:23.0971 3628 RasAgileVpn - ok
20:11:24.0002 3628 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:11:24.0002 3628 RasAuto - ok
20:11:24.0033 3628 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:11:24.0049 3628 Rasl2tp - ok
20:11:24.0127 3628 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:11:24.0142 3628 RasMan - ok
20:11:24.0173 3628 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:11:24.0173 3628 RasPppoe - ok
20:11:24.0205 3628 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:11:24.0220 3628 RasSstp - ok
20:11:24.0267 3628 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:11:24.0283 3628 rdbss - ok
20:11:24.0298 3628 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:11:24.0298 3628 rdpbus - ok
20:11:24.0314 3628 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:11:24.0314 3628 RDPCDD - ok
20:11:24.0376 3628 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:11:24.0376 3628 RDPENCDD - ok
20:11:24.0392 3628 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:11:24.0392 3628 RDPREFMP - ok
20:11:24.0423 3628 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:11:24.0439 3628 RDPWD - ok
20:11:24.0517 3628 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:11:24.0532 3628 rdyboost - ok
20:11:24.0688 3628 RegSrvc (0aa473966357c4a41b5eb19649eb6e5e) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
20:11:24.0719 3628 RegSrvc - ok
20:11:24.0782 3628 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:11:24.0782 3628 RemoteAccess - ok
20:11:24.0829 3628 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:11:24.0829 3628 RemoteRegistry - ok
20:11:24.0922 3628 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:11:24.0922 3628 RFCOMM - ok
20:11:25.0094 3628 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
20:11:25.0156 3628 RoxMediaDB12OEM - ok
20:11:25.0203 3628 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
20:11:25.0203 3628 RoxWatch12 - ok
20:11:25.0312 3628 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:11:25.0312 3628 RpcEptMapper - ok
20:11:25.0328 3628 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:11:25.0328 3628 RpcLocator - ok
20:11:25.0390 3628 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:11:25.0406 3628 RpcSs - ok
20:11:25.0499 3628 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:11:25.0499 3628 rspndr - ok
20:11:25.0577 3628 RSUSBSTOR (22d6b47d004a6568c500680be2972854) C:\Windows\system32\Drivers\RtsUStor.sys
20:11:25.0577 3628 RSUSBSTOR - ok
20:11:25.0609 3628 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:25.0609 3628 SamSs - ok
20:11:25.0640 3628 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:11:25.0640 3628 sbp2port - ok
20:11:25.0687 3628 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:11:25.0702 3628 SCardSvr - ok
20:11:25.0733 3628 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:11:25.0733 3628 scfilter - ok
20:11:25.0827 3628 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:11:25.0858 3628 Schedule - ok
20:11:25.0889 3628 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:11:25.0889 3628 SCPolicySvc - ok
20:11:25.0936 3628 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:11:25.0952 3628 SDRSVC - ok
20:11:26.0030 3628 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:11:26.0030 3628 secdrv - ok
20:11:26.0061 3628 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:11:26.0061 3628 seclogon - ok
20:11:26.0139 3628 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
20:11:26.0139 3628 SENS - ok
20:11:26.0155 3628 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:11:26.0155 3628 SensrSvc - ok
20:11:26.0170 3628 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:11:26.0186 3628 Serenum - ok
20:11:26.0201 3628 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:11:26.0201 3628 Serial - ok
20:11:26.0264 3628 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:11:26.0264 3628 sermouse - ok
20:11:26.0311 3628 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:11:26.0311 3628 SessionEnv - ok
20:11:26.0342 3628 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:11:26.0342 3628 sffdisk - ok
20:11:26.0357 3628 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:11:26.0357 3628 sffp_mmc - ok
20:11:26.0373 3628 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:11:26.0373 3628 sffp_sd - ok
20:11:26.0389 3628 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:11:26.0389 3628 sfloppy - ok
20:11:26.0498 3628 SftService (38f88f0df46c4d42125ef721abd7f6b9) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
20:11:26.0498 3628 SftService - ok
20:11:26.0607 3628 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
20:11:26.0623 3628 SharedAccess - ok
20:11:26.0669 3628 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:11:26.0685 3628 ShellHWDetection - ok
20:11:26.0763 3628 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:11:26.0779 3628 SiSRaid2 - ok
20:11:26.0794 3628 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:11:26.0794 3628 SiSRaid4 - ok
20:11:26.0872 3628 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
20:11:26.0872 3628 SkypeUpdate - ok
20:11:26.0935 3628 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:11:26.0935 3628 Smb - ok
20:11:26.0997 3628 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:11:26.0997 3628 SNMPTRAP - ok
20:11:27.0013 3628 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:11:27.0013 3628 spldr - ok
20:11:27.0075 3628 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:11:27.0075 3628 Spooler - ok
20:11:27.0309 3628 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:11:27.0418 3628 sppsvc - ok
20:11:27.0496 3628 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:11:27.0512 3628 sppuinotify - ok
20:11:27.0574 3628 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:11:27.0590 3628 srv - ok
20:11:27.0621 3628 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:11:27.0637 3628 srv2 - ok
20:11:27.0668 3628 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:11:27.0683 3628 srvnet - ok
20:11:27.0746 3628 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:11:27.0761 3628 SSDPSRV - ok
20:11:27.0777 3628 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:11:27.0777 3628 SstpSvc - ok
20:11:27.0808 3628 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:11:27.0808 3628 stexstor - ok
20:11:27.0902 3628 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:11:27.0949 3628 stisvc - ok
20:11:28.0042 3628 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
20:11:28.0058 3628 stllssvr - ok
20:11:28.0073 3628 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:11:28.0073 3628 swenum - ok
20:11:28.0136 3628 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:11:28.0151 3628 swprv - ok
20:11:28.0229 3628 SynTP (c25866bdf0e818e02bb8e76845d26e54) C:\Windows\system32\DRIVERS\SynTP.sys
20:11:28.0229 3628 SynTP - ok
20:11:28.0354 3628 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:11:28.0417 3628 SysMain - ok
20:11:28.0510 3628 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:11:28.0510 3628 TabletInputService - ok
20:11:28.0557 3628 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:11:28.0573 3628 TapiSrv - ok
20:11:28.0604 3628 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:11:28.0619 3628 TBS - ok
20:11:28.0775 3628 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:11:28.0853 3628 Tcpip - ok
20:11:29.0119 3628 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:11:29.0134 3628 TCPIP6 - ok
20:11:29.0228 3628 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:11:29.0228 3628 tcpipreg - ok
20:11:29.0259 3628 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:11:29.0259 3628 TDPIPE - ok
20:11:29.0290 3628 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:11:29.0290 3628 TDTCP - ok
20:11:29.0321 3628 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:11:29.0321 3628 tdx - ok
20:11:29.0353 3628 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:11:29.0353 3628 TermDD - ok
20:11:29.0415 3628 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:11:29.0446 3628 TermService - ok
20:11:29.0477 3628 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:11:29.0477 3628 Themes - ok
20:11:29.0509 3628 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:11:29.0509 3628 THREADORDER - ok
20:11:29.0587 3628 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:11:29.0587 3628 TrkWks - ok
20:11:29.0633 3628 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:11:29.0649 3628 TrustedInstaller - ok
20:11:29.0680 3628 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:11:29.0680 3628 tssecsrv - ok
20:11:29.0743 3628 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:11:29.0743 3628 TsUsbFlt - ok
20:11:29.0821 3628 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:11:29.0821 3628 tunnel - ok
20:11:29.0867 3628 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:11:29.0867 3628 uagp35 - ok
20:11:29.0914 3628 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:11:29.0930 3628 udfs - ok
20:11:29.0977 3628 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:11:29.0977 3628 UI0Detect - ok
20:11:30.0008 3628 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:11:30.0008 3628 uliagpkx - ok
20:11:30.0070 3628 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
20:11:30.0070 3628 umbus - ok
20:11:30.0133 3628 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:11:30.0133 3628 UmPass - ok
20:11:30.0367 3628 UNS (cbdee152d73200ee49031a26310b9d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
20:11:30.0429 3628 UNS - ok
20:11:30.0554 3628 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:11:30.0569 3628 upnphost - ok
20:11:30.0663 3628 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:11:30.0663 3628 usbaudio - ok
20:11:30.0710 3628 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:11:30.0710 3628 usbccgp - ok
20:11:30.0725 3628 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:11:30.0725 3628 usbcir - ok
20:11:30.0741 3628 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
20:11:30.0741 3628 usbehci - ok
20:11:30.0819 3628 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:11:30.0835 3628 usbhub - ok
20:11:30.0850 3628 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
20:11:30.0866 3628 usbohci - ok
20:11:30.0913 3628 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:11:30.0928 3628 usbprint - ok
20:11:30.0944 3628 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:11:30.0944 3628 usbscan - ok
20:11:30.0959 3628 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:11:30.0959 3628 USBSTOR - ok
20:11:30.0975 3628 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:11:30.0991 3628 usbuhci - ok
20:11:31.0053 3628 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:11:31.0069 3628 usbvideo - ok
20:11:31.0100 3628 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
20:11:31.0100 3628 usb_rndisx - ok
20:11:31.0131 3628 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:11:31.0131 3628 UxSms - ok
20:11:31.0193 3628 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:11:31.0193 3628 VaultSvc - ok
20:11:31.0240 3628 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:11:31.0240 3628 vdrvroot - ok
20:11:31.0303 3628 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:11:31.0334 3628 vds - ok
20:11:31.0396 3628 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:11:31.0396 3628 vga - ok
20:11:31.0412 3628 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:11:31.0412 3628 VgaSave - ok
20:11:31.0443 3628 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:11:31.0459 3628 vhdmp - ok
20:11:31.0490 3628 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:11:31.0490 3628 viaide - ok
20:11:31.0521 3628 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:11:31.0521 3628 volmgr - ok
20:11:31.0568 3628 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:11:31.0583 3628 volmgrx - ok
20:11:31.0615 3628 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:11:31.0630 3628 volsnap - ok
20:11:31.0708 3628 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:11:31.0708 3628 vsmraid - ok
20:11:31.0833 3628 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:11:31.0895 3628 VSS - ok
20:11:31.0989 3628 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:11:31.0989 3628 vwifibus - ok
20:11:32.0005 3628 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:11:32.0005 3628 vwififlt - ok
20:11:32.0051 3628 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
20:11:32.0051 3628 vwifimp - ok
20:11:32.0098 3628 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:11:32.0129 3628 W32Time - ok
20:11:32.0161 3628 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:11:32.0161 3628 WacomPen - ok
20:11:32.0223 3628 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:32.0223 3628 WANARP - ok
20:11:32.0223 3628 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:11:32.0239 3628 Wanarpv6 - ok
20:11:32.0379 3628 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:11:32.0410 3628 WatAdminSvc - ok
20:11:32.0535 3628 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:11:32.0566 3628 wbengine - ok
20:11:32.0691 3628 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:11:32.0707 3628 WbioSrvc - ok
20:11:32.0800 3628 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
20:11:32.0816 3628 WcesComm - ok
20:11:32.0863 3628 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:11:32.0894 3628 wcncsvc - ok
20:11:32.0909 3628 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:11:32.0909 3628 WcsPlugInService - ok
20:11:32.0956 3628 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:11:32.0956 3628 Wd - ok
20:11:33.0003 3628 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:11:33.0034 3628 Wdf01000 - ok
20:11:33.0065 3628 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:11:33.0065 3628 WdiServiceHost - ok
20:11:33.0065 3628 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:11:33.0065 3628 WdiSystemHost - ok
20:11:33.0097 3628 wdkmd (fe31110e39a0b11abae1ba43a2dc94f9) C:\Windows\system32\DRIVERS\WDKMD.sys
20:11:33.0097 3628 wdkmd - ok
20:11:33.0143 3628 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:11:33.0159 3628 WebClient - ok
20:11:33.0206 3628 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:11:33.0221 3628 Wecsvc - ok
20:11:33.0253 3628 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:11:33.0253 3628 wercplsupport - ok
20:11:33.0315 3628 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:11:33.0315 3628 WerSvc - ok
20:11:33.0377 3628 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:11:33.0377 3628 WfpLwf - ok
20:11:33.0440 3628 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
20:11:33.0440 3628 WimFltr - ok
20:11:33.0471 3628 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:11:33.0471 3628 WIMMount - ok
20:11:33.0549 3628 WinDefend - ok
20:11:33.0565 3628 WinHttpAutoProxySvc - ok
20:11:33.0627 3628 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:11:33.0643 3628 Winmgmt - ok
20:11:33.0799 3628 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:11:33.0861 3628 WinRM - ok
20:11:34.0017 3628 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:11:34.0017 3628 WinUsb - ok
20:11:34.0095 3628 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:11:34.0126 3628 Wlansvc - ok
20:11:34.0251 3628 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:11:34.0251 3628 wlcrasvc - ok
20:11:34.0469 3628 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:11:34.0532 3628 wlidsvc - ok
20:11:34.0672 3628 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:11:34.0672 3628 WmiAcpi - ok
20:11:34.0735 3628 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:11:34.0750 3628 wmiApSrv - ok
20:11:34.0813 3628 WMPNetworkSvc - ok
20:11:34.0844 3628 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:11:34.0844 3628 WPCSvc - ok
20:11:34.0875 3628 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:11:34.0891 3628 WPDBusEnum - ok
20:11:34.0922 3628 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:11:34.0922 3628 ws2ifsl - ok
20:11:34.0984 3628 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
20:11:35.0000 3628 wscsvc - ok
20:11:35.0000 3628 WSearch - ok
20:11:35.0187 3628 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
20:11:35.0281 3628 wuauserv - ok
20:11:35.0390 3628 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:11:35.0390 3628 WudfPf - ok
20:11:35.0452 3628 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:35.0452 3628 WUDFRd - ok
20:11:35.0483 3628 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:11:35.0483 3628 wudfsvc - ok
20:11:35.0530 3628 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:11:35.0546 3628 WwanSvc - ok
20:11:35.0639 3628 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
20:11:35.0983 3628 \Device\Harddisk0\DR0 - ok
20:11:35.0983 3628 Boot (0x1200) (8b423c5132c11b954cd90b5897810be9) \Device\Harddisk0\DR0\Partition0
20:11:35.0983 3628 \Device\Harddisk0\DR0\Partition0 - ok
20:11:36.0014 3628 Boot (0x1200) (2045157cf01f29be08e643d7819c1d82) \Device\Harddisk0\DR0\Partition1
20:11:36.0014 3628 \Device\Harddisk0\DR0\Partition1 - ok
20:11:36.0014 3628 ============================================================
20:11:36.0014 3628 Scan finished
20:11:36.0014 3628 ============================================================
20:11:36.0029 4460 Detected object count: 0
20:11:36.0029 4460 Actual detected object count: 0
20:12:06.0044 3552 ============================================================
20:12:06.0044 3552 Scan started
20:12:06.0044 3552 Mode: Manual;
20:12:06.0044 3552 ============================================================
20:12:07.0885 3552 BrUsbMdm - ok
20:12:07.0900 3552 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:07.0900 3552 BrUsbSer - ok
20:12:07.0916 3552 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:12:07.0916 3552 BthEnum - ok
20:12:07.0932 3552 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:12:07.0932 3552 BTHMODEM - ok
20:12:07.0978 3552 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:12:07.0978 3552 BthPan - ok
20:12:08.0025 3552 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:12:08.0025 3552 BTHPORT - ok
20:12:08.0056 3552 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:12:08.0056 3552 bthserv - ok
20:12:08.0088 3552 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:12:08.0088 3552 BTHUSB - ok
20:12:08.0103 3552 btusbflt (d3466f77c2c49c6e393ba5fba963a33e) C:\Windows\system32\drivers\btusbflt.sys
20:12:08.0103 3552 btusbflt - ok
20:12:08.0119 3552 btwaudio (af838d8029ae7c27470862d63fa54d24) C:\Windows\system32\drivers\btwaudio.sys
20:12:08.0119 3552 btwaudio - ok
20:12:08.0134 3552 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
20:12:08.0134 3552 btwavdt - ok
20:12:08.0259 3552 btwdins (10ffb5fa51d5713d872b41a59dfc2213) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
20:12:08.0275 3552 btwdins - ok
20:12:08.0290 3552 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:12:08.0290 3552 btwl2cap - ok
20:12:08.0306 3552 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
20:12:08.0306 3552 btwrchid - ok
20:12:08.0306 3552 catchme - ok
20:12:08.0337 3552 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:12:08.0337 3552 cdfs - ok
20:12:08.0368 3552 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:12:08.0368 3552 cdrom - ok
20:12:08.0400 3552 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:12:08.0400 3552 CertPropSvc - ok
20:12:08.0415 3552 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:12:08.0415 3552 circlass - ok
20:12:08.0462 3552 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:12:08.0462 3552 CLFS - ok
20:12:08.0540 3552 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:12:08.0540 3552 clr_optimization_v2.0.50727_32 - ok
20:12:08.0587 3552 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:12:08.0587 3552 clr_optimization_v2.0.50727_64 - ok
20:12:08.0649 3552 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:12:08.0649 3552 clr_optimization_v4.0.30319_32 - ok
20:12:08.0696 3552 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:12:08.0696 3552 clr_optimization_v4.0.30319_64 - ok
20:12:08.0712 3552 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:12:08.0712 3552 CmBatt - ok
20:12:08.0743 3552 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:12:08.0743 3552 cmdide - ok
20:12:08.0790 3552 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:12:08.0805 3552 CNG - ok
20:12:08.0821 3552 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:12:08.0821 3552 Compbatt - ok
20:12:08.0836 3552 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:12:08.0836 3552 CompositeBus - ok
20:12:08.0852 3552 COMSysApp - ok
20:12:08.0868 3552 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:12:08.0868 3552 crcdisk - ok
20:12:08.0899 3552 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:12:08.0899 3552 CryptSvc - ok
20:12:08.0946 3552 CtClsFlt (fbe228abeab2be13b9c3a3a112d4d8dc) C:\Windows\system32\DRIVERS\CtClsFlt.sys
20:12:08.0946 3552 CtClsFlt - ok
20:12:09.0008 3552 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:12:09.0008 3552 DcomLaunch - ok
20:12:09.0055 3552 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:12:09.0055 3552 defragsvc - ok
20:12:09.0086 3552 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:12:09.0086 3552 DfsC - ok
20:12:09.0133 3552 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:12:09.0133 3552 Dhcp - ok
20:12:09.0164 3552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:12:09.0164 3552 discache - ok
20:12:09.0195 3552 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:12:09.0195 3552 Disk - ok
20:12:09.0226 3552 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:12:09.0226 3552 Dnscache - ok
20:12:09.0273 3552 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:12:09.0273 3552 dot3svc - ok
20:12:09.0289 3552 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:12:09.0289 3552 DPS - ok
20:12:09.0320 3552 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:12:09.0320 3552 drmkaud - ok
20:12:09.0398 3552 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:12:09.0414 3552 DXGKrnl - ok
20:12:09.0445 3552 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:12:09.0445 3552 EapHost - ok
20:12:09.0648 3552 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:12:09.0663 3552 ebdrv - ok
20:12:09.0772 3552 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:12:09.0788 3552 EFS - ok
20:12:09.0866 3552 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:12:09.0866 3552 ehRecvr - ok
20:12:09.0913 3552 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:12:09.0913 3552 ehSched - ok
20:12:09.0991 3552 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:12:10.0006 3552 elxstor - ok
20:12:10.0100 3552 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:12:10.0100 3552 ErrDev - ok
20:12:10.0147 3552 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:12:10.0162 3552 EventSystem - ok
20:12:10.0318 3552 EvtEng (b56d9602db5fe1c116b1ca5efd8e2e50) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
20:12:10.0334 3552 EvtEng - ok
20:12:10.0490 3552 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:12:10.0490 3552 exfat - ok
20:12:10.0521 3552 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:12:10.0521 3552 fastfat - ok
20:12:10.0584 3552 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:12:10.0599 3552 Fax - ok
20:12:10.0630 3552 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:12:10.0630 3552 fdc - ok
20:12:10.0646 3552 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:12:10.0646 3552 fdPHost - ok
20:12:10.0662 3552 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:12:10.0677 3552 FDResPub - ok
20:12:10.0693 3552 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:12:10.0693 3552 FileInfo - ok
20:12:10.0708 3552 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:12:10.0708 3552 Filetrace - ok
20:12:10.0724 3552 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:12:10.0724 3552 flpydisk - ok
20:12:10.0755 3552 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:12:10.0771 3552 FltMgr - ok
20:12:10.0849 3552 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:12:10.0864 3552 FontCache - ok
20:12:10.0927 3552 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:12:10.0927 3552 FontCache3.0.0.0 - ok
20:12:10.0974 3552 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:12:10.0974 3552 FsDepends - ok
20:12:11.0005 3552 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:12:11.0005 3552 Fs_Rec - ok
20:12:11.0052 3552 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:12:11.0052 3552 fvevol - ok
20:12:11.0067 3552 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:12:11.0067 3552 gagp30kx - ok
20:12:11.0161 3552 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
20:12:11.0161 3552 GameConsoleService - ok
20:12:11.0239 3552 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:12:11.0239 3552 gpsvc - ok
20:12:11.0286 3552 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:12:11.0286 3552 gupdate - ok
20:12:11.0301 3552 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:12:11.0301 3552 gupdatem - ok
20:12:11.0332 3552 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:12:11.0332 3552 hcw85cir - ok
20:12:11.0348 3552 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:12:11.0348 3552 HDAudBus - ok
20:12:11.0379 3552 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
20:12:11.0379 3552 HECIx64 - ok
20:12:11.0395 3552 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:12:11.0410 3552 HidBatt - ok
20:12:11.0426 3552 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:12:11.0426 3552 HidBth - ok
20:12:11.0442 3552 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:12:11.0442 3552 HidIr - ok
20:12:11.0473 3552 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
20:12:11.0473 3552 hidserv - ok
20:12:11.0504 3552 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:12:11.0504 3552 HidUsb - ok
20:12:11.0535 3552 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:12:11.0535 3552 hkmsvc - ok
20:12:11.0566 3552 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:12:11.0582 3552 HomeGroupListener - ok
20:12:11.0598 3552 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:12:11.0598 3552 HomeGroupProvider - ok
20:12:11.0613 3552 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:12:11.0613 3552 HpSAMD - ok
20:12:11.0691 3552 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:12:11.0691 3552 HTTP - ok
20:12:11.0722 3552 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:12:11.0722 3552 hwpolicy - ok
20:12:11.0738 3552 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:12:11.0754 3552 i8042prt - ok
20:12:11.0800 3552 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
20:12:11.0800 3552 iaStor - ok
20:12:11.0863 3552 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:12:11.0863 3552 iaStorV - ok
20:12:11.0988 3552 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:12:11.0988 3552 idsvc - ok
20:12:12.0580 3552 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:12:12.0643 3552 igfx - ok
20:12:12.0752 3552 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:12:12.0752 3552 iirsp - ok
20:12:12.0830 3552 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:12:12.0846 3552 IKEEXT - ok
20:12:12.0877 3552 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
20:12:12.0877 3552 Impcd - ok
20:12:13.0033 3552 IntcAzAudAddService (6e4ccb3aff07e2b9f2a937385c84b573) C:\Windows\system32\drivers\RTKVHD64.sys
20:12:13.0048 3552 IntcAzAudAddService - ok
20:12:13.0158 3552 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
20:12:13.0173 3552 IntcDAud - ok
20:12:13.0189 3552 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:12:13.0189 3552 intelide - ok
20:12:13.0220 3552 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:12:13.0220 3552 intelppm - ok
20:12:13.0251 3552 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:12:13.0251 3552 IPBusEnum - ok
20:12:13.0282 3552 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:12:13.0282 3552 IpFilterDriver - ok
20:12:13.0345 3552 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
20:12:13.0345 3552 iphlpsvc - ok
20:12:13.0376 3552 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:12:13.0376 3552 IPMIDRV - ok
20:12:13.0407 3552 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:12:13.0407 3552 IPNAT - ok
20:12:13.0438 3552 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:12:13.0438 3552 IRENUM - ok
20:12:13.0454 3552 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:12:13.0454 3552 isapnp - ok
20:12:13.0485 3552 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:12:13.0485 3552 iScsiPrt - ok
20:12:13.0501 3552 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:12:13.0501 3552 kbdclass - ok
20:12:13.0532 3552 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:12:13.0532 3552 kbdhid - ok
20:12:13.0548 3552 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:12:13.0563 3552 KeyIso - ok
20:12:13.0688 3552 Kodak AiO Network Discovery Service (3d1e2d4a75bb4230b0cee140b5585dcd) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
20:12:13.0704 3552 Kodak AiO Network Discovery Service - ok
20:12:13.0735 3552 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:12:13.0735 3552 KSecDD - ok
20:12:13.0766 3552 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:12:13.0766 3552 KSecPkg - ok
20:12:13.0797 3552 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:12:13.0797 3552 ksthunk - ok
20:12:13.0844 3552 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:12:13.0844 3552 KtmRm - ok
20:12:13.0891 3552 L1C (39918db0efcf045a1ce6fabbf339f975) C:\Windows\system32\DRIVERS\L1C62x64.sys
20:12:13.0891 3552 L1C - ok
20:12:13.0922 3552 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
20:12:13.0922 3552 LanmanServer - ok
20:12:13.0953 3552 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:12:13.0969 3552 LanmanWorkstation - ok
20:12:14.0000 3552 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:12:14.0000 3552 lltdio - ok
20:12:14.0031 3552 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:12:14.0047 3552 lltdsvc - ok
20:12:14.0062 3552 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:12:14.0062 3552 lmhosts - ok
20:12:14.0156 3552 LMS (23d990150d56b670a62b21b9abdd45ee) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
20:12:14.0172 3552 LMS - ok
20:12:14.0187 3552 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:12:14.0187 3552 LSI_FC - ok
20:12:14.0234 3552 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:12:14.0234 3552 LSI_SAS - ok
20:12:14.0250 3552 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:12:14.0250 3552 LSI_SAS2 - ok
20:12:14.0281 3552 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:12:14.0281 3552 LSI_SCSI - ok
20:12:14.0296 3552 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:12:14.0296 3552 luafv - ok
20:12:14.0328 3552 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:12:14.0328 3552 Mcx2Svc - ok
20:12:14.0343 3552 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:12:14.0343 3552 megasas - ok
20:12:14.0390 3552 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:12:14.0390 3552 MegaSR - ok
20:12:14.0421 3552 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:12:14.0421 3552 MMCSS - ok
20:12:14.0437 3552 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:12:14.0437 3552 Modem - ok
20:12:14.0452 3552 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:12:14.0452 3552 monitor - ok
20:12:14.0484 3552 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:12:14.0484 3552 mouclass - ok
20:12:14.0499 3552 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:12:14.0499 3552 mouhid - ok
20:12:14.0530 3552 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:12:14.0530 3552 mountmgr - ok
20:12:14.0608 3552 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:12:14.0608 3552 MozillaMaintenance - ok
20:12:14.0640 3552 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:12:14.0640 3552 mpio - ok
20:12:14.0671 3552 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:12:14.0671 3552 mpsdrv - ok
20:12:14.0733 3552 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
20:12:14.0749 3552 MpsSvc - ok
20:12:14.0780 3552 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:12:14.0780 3552 MRxDAV - ok
20:12:14.0811 3552 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:12:14.0811 3552 mrxsmb - ok
20:12:14.0858 3552 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:12:14.0858 3552 mrxsmb10 - ok
20:12:14.0874 3552 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:12:14.0874 3552 mrxsmb20 - ok
20:12:14.0920 3552 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:12:14.0920 3552 msahci - ok
20:12:14.0952 3552 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:12:14.0952 3552 msdsm - ok
20:12:14.0998 3552 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:12:14.0998 3552 MSDTC - ok
20:12:15.0030 3552 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:12:15.0045 3552 Msfs - ok
20:12:15.0045 3552 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:12:15.0045 3552 mshidkmdf - ok
20:12:15.0076 3552 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:12:15.0076 3552 msisadrv - ok
20:12:15.0108 3552 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:12:15.0108 3552 MSiSCSI - ok
20:12:15.0108 3552 msiserver - ok
20:12:15.0123 3552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:12:15.0123 3552 MSKSSRV - ok
20:12:15.0139 3552 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:12:15.0154 3552 MSPCLOCK - ok
20:12:15.0154 3552 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:12:15.0154 3552 MSPQM - ok
20:12:15.0201 3552 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:12:15.0201 3552 MsRPC - ok
20:12:15.0232 3552 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:12:15.0232 3552 mssmbios - ok
20:12:15.0248 3552 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:12:15.0248 3552 MSTEE - ok
20:12:15.0264 3552 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:12:15.0264 3552 MTConfig - ok
20:12:15.0279 3552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:12:15.0279 3552 Mup - ok
20:12:15.0373 3552 MyWiFiDHCPDNS (a9bc2302fbdf52c8af4e2fc966288d21) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
20:12:15.0373 3552 MyWiFiDHCPDNS - ok
20:12:15.0420 3552 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:12:15.0435 3552 napagent - ok
20:12:15.0466 3552 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:12:15.0466 3552 NativeWifiP - ok
20:12:15.0544 3552 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:12:15.0560 3552 NDIS - ok
20:12:15.0576 3552 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:12:15.0576 3552 NdisCap - ok
20:12:15.0591 3552 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:12:15.0591 3552 NdisTapi - ok
20:12:15.0622 3552 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:12:15.0622 3552 Ndisuio - ok
20:12:15.0654 3552 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:12:15.0654 3552 NdisWan - ok
20:12:15.0669 3552 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:12:15.0669 3552 NDProxy - ok
20:12:15.0685 3552 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:12:15.0685 3552 NetBIOS - ok
20:12:15.0732 3552 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:12:15.0732 3552 NetBT - ok
20:12:15.0747 3552 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:12:15.0747 3552 Netlogon - ok
20:12:15.0794 3552 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:12:15.0794 3552 Netman - ok
20:12:15.0888 3552 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:12:15.0888 3552 NetMsmqActivator - ok
20:12:15.0888 3552 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:12:15.0903 3552 NetPipeActivator - ok
20:12:15.0934 3552 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:12:15.0934 3552 netprofm - ok
20:12:15.0950 3552 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:12:15.0950 3552 NetTcpActivator - ok
20:12:15.0950 3552 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:12:15.0950 3552 NetTcpPortSharing - ok
20:12:16.0387 3552 NETw5s64 (24f64343f14a119308456e1ca7507b26) C:\Windows\system32\DRIVERS\NETw5s64.sys
20:12:16.0434 3552 NETw5s64 - ok
20:12:16.0527 3552 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:12:16.0527 3552 nfrd960 - ok
20:12:16.0574 3552 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:12:16.0590 3552 NlaSvc - ok
20:12:16.0605 3552 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:12:16.0605 3552 Npfs - ok
20:12:16.0621 3552 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:12:16.0636 3552 nsi - ok
20:12:16.0636 3552 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:12:16.0636 3552 nsiproxy - ok
20:12:16.0761 3552 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:12:16.0777 3552 Ntfs - ok
20:12:16.0870 3552 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:12:16.0870 3552 Null - ok
20:12:16.0917 3552 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:12:16.0917 3552 nvraid - ok
20:12:16.0933 3552 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:12:16.0933 3552 nvstor - ok
20:12:16.0948 3552 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:12:16.0948 3552 nv_agp - ok
20:12:16.0980 3552 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:12:16.0980 3552 ohci1394 - ok
20:12:17.0011 3552 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:12:17.0026 3552 p2pimsvc - ok
20:12:17.0073 3552 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:12:17.0073 3552 p2psvc - ok
20:12:17.0104 3552 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:12:17.0104 3552 Parport - ok
20:12:17.0136 3552 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:12:17.0136 3552 partmgr - ok
20:12:17.0151 3552 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:12:17.0151 3552 PcaSvc - ok
20:12:17.0182 3552 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:12:17.0182 3552 pci - ok
20:12:17.0214 3552 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:12:17.0214 3552 pciide - ok
20:12:17.0245 3552 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:12:17.0245 3552 pcmcia - ok
20:12:17.0276 3552 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:12:17.0276 3552 pcw - ok
20:12:17.0323 3552 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:12:17.0338 3552 PEAUTH - ok
20:12:17.0401 3552 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:12:17.0401 3552 PerfHost - ok
20:12:17.0541 3552 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:12:17.0541 3552 pla - ok
20:12:17.0588 3552 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:12:17.0588 3552 PlugPlay - ok
20:12:17.0619 3552 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:12:17.0619 3552 PNRPAutoReg - ok
20:12:17.0650 3552 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:12:17.0666 3552 PNRPsvc - ok
20:12:17.0697 3552 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:12:17.0713 3552 PolicyAgent - ok
20:12:17.0744 3552 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:12:17.0744 3552 Power - ok
20:12:17.0791 3552 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:12:17.0806 3552 PptpMiniport - ok
20:12:17.0822 3552 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:12:17.0838 3552 Processor - ok
20:12:27.0338 3552 ============================================================
20:12:27.0338 3552 Scan finished
20:12:27.0338 3552 ============================================================
20:12:27.0338 2052 Detected object count: 0
20:12:27.0338 2052 Actual detected object count: 0



Is it fixed? :) If it is I'm really grateful! :D And impressed! ^^

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-12 20:14:13
-----------------------------
20:14:13.218 OS Version: Windows x64 6.1.7601 Service Pack 1
20:14:13.218 Number of processors: 2 586 0x2505
20:14:13.218 ComputerName: BETHANY-PC UserName: Bethany
20:14:14.560 Initialize success
20:15:18.261 AVAST engine defs: 12081200
20:15:22.098 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:15:22.114 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
20:15:22.129 Disk 0 MBR read successfully
20:15:22.129 Disk 0 MBR scan
20:15:22.145 Disk 0 Windows VISTA default MBR code
20:15:22.145 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
20:15:22.161 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
20:15:22.176 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928896
20:15:22.207 Disk 0 scanning C:\Windows\system32\drivers
20:15:40.335 Service scanning
20:16:06.480 Modules scanning
20:16:06.480 Disk 0 trace - called modules:
20:16:06.496 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
20:16:06.512 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800444f230]
20:16:06.512 3 CLASSPNP.SYS[fffff88001b6143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80048fa050]
20:16:08.134 AVAST engine scan C:\Windows
20:16:12.892 AVAST engine scan C:\Windows\system32
20:20:03.008 AVAST engine scan C:\Windows\system32\drivers
20:20:19.170 AVAST engine scan C:\Users\Bethany
20:24:10.424 AVAST engine scan C:\ProgramData
20:27:14.349 Scan finished successfully
20:27:37.094 Disk 0 MBR has been saved successfully to "C:\Users\Bethany\Desktop\Virus Details\MBR.dat"
20:27:37.094 The log file has been saved successfully to "C:\Users\Bethany\Desktop\Virus Details\aswMBR.txt"

Should I have done a full scan or quick scan with the second scan?

Also I uninstalled my antivirus when I found it wasn't working and realised I had a virus. I was using Microsoft Security Essentials. Do you recommend any particular antivirus? :)

Edited by StuckDragonfly, 12 August 2012 - 02:37 PM.


#13 gringo_pr


Posted 12 August 2012 - 02:40 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#14 StuckDragonfly


Posted 12 August 2012 - 02:55 PM

ComboFix 12-08-10.02 - Bethany 12/08/2012 20:47:38.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3893.2271 [GMT 1:00]
Running from: c:\users\Bethany\Desktop\ComboFix.exe
Command switches used :: c:\users\Bethany\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-12 to 2012-08-12 )))))))))))))))))))))))))))))))
.
.
2012-08-12 19:52 . 2012-08-12 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-12 19:47 . 2012-08-12 19:47 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C195EA8-7254-4317-A5D8-3533160C69D3}\offreg.dll
2012-08-12 19:15 . 2012-07-16 01:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C195EA8-7254-4317-A5D8-3533160C69D3}\mpengine.dll
2012-08-12 17:04 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-12 17:03 . 2012-08-12 17:11 -------- d-----w- c:\programdata\AVAST Software
2012-08-12 17:03 . 2012-08-12 17:03 -------- d-----w- c:\program files\AVAST Software
2012-08-12 16:25 . 2012-08-12 16:25 -------- d-----w- c:\users\Bethany\AppData\Local\ElevatedDiagnostics
2012-08-12 16:03 . 2012-08-12 16:46 -------- d-----w- c:\users\Bethany\AppData\Roaming\CheckPoint
2012-08-12 15:58 . 2012-08-12 15:58 126 ----a-w- C:\user.js
2012-08-12 15:58 . 2012-08-12 15:58 -------- d-----w- c:\programdata\CheckPoint
2012-08-11 21:59 . 2012-08-11 22:01 -------- d-----w- c:\program files\ESET
2012-08-11 19:21 . 2012-08-11 19:23 -------- d-----w- C:\FRST
2012-08-11 17:55 . 2012-08-11 17:55 328704 ----a-w- c:\windows\system32\services.exe.D80990AE1303698A
2012-08-11 17:47 . 2012-08-11 17:47 -------- d-----w- c:\users\Bethany\AppData\Roaming\Malwarebytes
2012-08-11 17:46 . 2012-08-11 17:46 -------- d-----w- c:\programdata\Malwarebytes
2012-08-11 17:14 . 2012-08-11 17:14 328704 ----a-w- c:\windows\system32\services.exe.8C59D09F16B09653
2012-08-11 17:08 . 2012-08-11 17:08 328704 ----a-w- c:\windows\system32\services.exe.0E6597D679960A22
2012-08-11 10:26 . 2012-08-11 10:26 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-11 10:24 . 2012-08-11 11:36 -------- d-----w- c:\programdata\MFAData
2012-08-11 10:24 . 2012-08-11 10:24 -------- d--h--w- c:\programdata\Common Files
2012-08-11 09:40 . 2012-08-11 09:40 328704 ----a-w- c:\windows\system32\services.exe.DD13055FB3D46C40
2012-08-11 09:29 . 2012-08-11 09:29 328704 ----a-w- c:\windows\system32\services.exe.28955D1542FA7C4A
2012-08-10 17:56 . 2012-08-10 17:56 328704 ----a-w- c:\windows\system32\services.exe.66EC58DB49070EC9
2012-08-10 09:20 . 2012-08-10 09:20 -------- d--h--w- c:\windows\AxInstSV
2012-08-10 06:41 . 2012-08-10 06:41 328704 ----a-w- c:\windows\system32\services.exe.6AA1C8156C214009
2012-08-10 06:14 . 2012-08-10 06:14 -------- d-----w- c:\users\Bethany\AppData\Local\Macromedia
2012-08-09 19:30 . 2012-08-10 05:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 19:30 . 2012-08-09 19:30 -------- d-----w- c:\windows\system32\Macromed
2012-08-09 19:24 . 2012-08-09 19:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-08-09 16:49 . 2012-08-09 16:49 -------- d--h--r- c:\users\Bethany\AppData\Roaming\SecuROM
2012-08-09 16:28 . 2012-08-09 16:28 -------- d-----w- c:\programdata\EA Core
2012-08-07 02:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 05:55 . 2011-08-06 20:34 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-07 02:01 . 2011-08-11 18:40 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 06:55 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 06:55 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 06:55 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 06:55 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 06:55 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 06:55 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 06:55 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 14:19 . 2012-06-21 06:55 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 14:15 . 2012-06-21 06:55 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 04:01 . 2012-06-13 19:23 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:59 . 2012-06-13 19:23 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:03 . 2012-06-13 19:23 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-19 23:24 . 2012-03-19 23:24 3993600 ----a-w- c:\program files (x86)\GUTC4CB.tmp
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-12_18.43.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-08-12 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-12 18:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-12 18:42 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 18:59 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-12 18:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 18:59 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-12 02:56 . 2012-08-12 19:00 52304 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-12 19:00 42464 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-06 17:28 . 2012-08-12 19:00 15124 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2680311957-1608801264-3090932800-1001_UserData.bin
+ 2011-08-06 17:32 . 2012-08-12 19:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-06 17:32 . 2012-08-12 18:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-06 17:32 . 2012-08-12 19:00 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-06 17:32 . 2012-08-12 18:48 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-06 17:32 . 2012-08-12 19:00 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-06 17:32 . 2012-08-12 18:48 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-06 17:32 . 2012-08-12 18:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-06 17:32 . 2012-08-12 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-06 17:32 . 2012-08-12 19:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-08-06 17:32 . 2012-08-12 18:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-12 18:42 . 2012-08-12 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-12 18:58 . 2012-08-12 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-12 18:58 . 2012-08-12 18:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-12 18:42 . 2012-08-12 18:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-08-12 17:52 664780 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-12 18:48 664780 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-12 18:48 125484 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-12 17:52 125484 c:\windows\system32\perfc009.dat
+ 2011-08-06 17:06 . 2012-08-12 18:59 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-06 17:06 . 2012-08-12 18:43 229376 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-08-12 18:58 333764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-12 18:42 333764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-06 17:06 . 2012-08-12 18:59 2752512 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-06 17:06 . 2012-08-12 18:43 2752512 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-12 18:43 1097728 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-12 18:59 1097728 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-20 487562]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-09-05 2232752]
.
c:\users\Bethany\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
SkypeMate.lnk - c:\program files (x86)\SkypeMate\SkypeMate.exe [2011-7-11 670720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 250056]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-07 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-08-11 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-31 53800]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-31 35104]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29337962
*NewlyCreated* - ASWMBR
*Deregistered* - 29337962
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-09 05:55]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 10:28]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 10:28]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2680311957-1608801264-3090932800-1001Core.job
- c:\users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 19:14]
.
2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2680311957-1608801264-3090932800-1001UA.job
- c:\users\Bethany\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-10 19:14]
.
2012-08-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-08-12 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=b4b799a80000000000008ca98241083d
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Bethany\AppData\Roaming\Mozilla\Firefox\Profiles\d928ww13.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxps://www.google.co.uk/
FF - user.js: general.useragent.extra.brc -
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=b4b799a80000000000008ca98241083d
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=b4b799a80000000000008ca98241083d
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114250670732058-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=b4b799a80000000000008ca98241083d&q=
FF - user.js: extensions.zonealarm.id - b4b799a80000000000008ca98241083d
FF - user.js: extensions.zonealarm.instlDay - 15564
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.416:58
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114250670732058-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - true
FF - user.js: extensions.zonealarm.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2680311957-1608801264-3090932800-1001\Software\SecuROM\License information*]
"datasecu"=hex:55,2f,97,a7,1b,fa,c2,5a,d2,d2,d9,8e,0d,dd,4b,be,04,a3,a3,2a,f4,
00,da,aa,0b,26,0a,a3,15,0a,50,cd,56,09,48,74,c2,08,65,a7,75,b3,86,db,f0,c0,\
"rkeysecu"=hex:1a,fb,98,b2,88,c9,28,54,e6,25,f6,84,ca,58,f9,e9
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-12 20:54:03
ComboFix-quarantined-files.txt 2012-08-12 19:54
ComboFix2.txt 2012-08-12 18:48
.
Pre-Run: 434,898,141,184 bytes free
Post-Run: 434,999,066,624 bytes free
.
- - End Of File - - 85B8641C2B4E37A661E46F868ECD9C15

It seems to be working all right. ^^ Can you tell that the virus has gone now? :)

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:06 PM

Posted 12 August 2012 - 03:52 PM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

  • Java™ 6 Update 22
  • Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



