
I too have the dreaded Scour Redirect ....


  • This topic is locked
29 replies to this topic

#1 OneSource


Posted 20 September 2012 - 09:02 PM

For the past several weeks I have been getting the Scour redirect. I have tried a handful of different things to no avail. My redirect is random, but my PC performance is terribly pathetic, and so I am desperately hoping that my Dell can be helped before I go completely insane.

I don't even know where to start ....

Thanks -


 


#2 OneSource


Posted 20 September 2012 - 09:20 PM

I am in the process of downloading and running the requested downloads from the Preparation Guide ... and will post the log here shortly!


*** EDIT -- See Below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by OneSource at 19:22:13 on 2012-09-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.3640 [GMT -7:00]
.
AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\PrintCtrl.exe
C:\Windows\system32\PrintDisp.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\FixCleaner\FixCleaner.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\PrintDisp.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Intel\WiMAX\bin\wimaxcu.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Users\OneSource\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\iolo\System Mechanic Professional\DriveScrubber\DriveScrubber.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: LastPass Vault: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Face recognition web login for FastAccess: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\OneSource\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [AdobeBridge]
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [CrashDumps] rundll32.exe "C:\Users\OneSource\AppData\Local\Google\CrashDumps\rmbsvjwt.dll",DllRegisterServerW
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [FAStartup]
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
StartupFolder: C:\Users\ONESOU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\ONESOU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\OneSource\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\ONESOU~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://C:\Users\OneSource\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://C:\Users\OneSource\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher Special\InternetExplorer.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher Special\InternetExplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Windows\system32\iavlsp.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{817900A6-1A5A-479F-916F-5EC6CD84FB92} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{817900A6-1A5A-479F-916F-5EC6CD84FB92}\5575741423 : DhcpNameServer = 192.168.1.1 184.16.33.54
TCP: Interfaces\{817900A6-1A5A-479F-916F-5EC6CD84FB92}\64275646D45697562775966496 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{817900A6-1A5A-479F-916F-5EC6CD84FB92}\7516C6B65627 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{817900A6-1A5A-479F-916F-5EC6CD84FB92}\B4F64656272716D27657563747 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{817900A6-1A5A-479F-916F-5EC6CD84FB92}\E4544574541425 : DhcpNameServer = 192.168.11.1
TCP: Interfaces\{F5B1EA9D-175C-4597-A2CD-6C5E2F9B3112} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
LSA: Notification Packages = scecli FAPassSync
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO-X64: LastPass Vault - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Face recognition web login for FastAccess: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO-X64: SSOIEAddonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [FAStartup]
mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun-x64: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher Special\InternetExplorer.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\OneSource\AppData\Roaming\Mozilla\Firefox\Profiles\mt5a3zt2.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Users\OneSource\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - d24d0001-4227-4865-a223-dd4bc850c1b5
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2012-7-9 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMP;Active Malware Protection Minifilter Driver;\??\C:\Windows\system32\Drivers\amp.sys --> C:\Windows\system32\Drivers\amp.sys [?]
R2 AMPSE;Active Malware Protection Support Driver;\??\C:\Windows\system32\Drivers\ampse.sys --> C:\Windows\system32\Drivers\ampse.sys [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-9-15 403456]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2010-1-11 155648]
R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-8-7 1027792]
R2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R2 Printer Control;Printer Control;C:\Windows\system32\PrintCtrl.exe --> C:\Windows\system32\PrintCtrl.exe [?]
R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimspe64.sys --> C:\Windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\Windows\system32\DRIVERS\risdpe64.sys --> C:\Windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\Windows\system32\DRIVERS\rixdpe64.sys --> C:\Windows\system32\DRIVERS\rixdpe64.sys [?]
R2 vseamps;vseamps;C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-5-25 121184]
R2 vsedsps;vsedsps;C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-5-25 119136]
R2 vseqrts;vseqrts;C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-5-25 180576]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-9-15 907264]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;bpmp;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 pneteth;PdaNet Broadband;C:\Windows\system32\DRIVERS\pneteth.sys --> C:\Windows\system32\DRIVERS\pneteth.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
RUnknown asdws;asdws; [x]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/09 02:31:31;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-4-26 232944]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-18 250288]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-7-9 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-7-9 79360]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-9 114144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2009-9-21 315664]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-7-9 79360]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2012-2-14 2451440]
SUnknown asdrm;asdrm; [x]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE "%1"
regfile=NOTEPAD.EXE "%1"
scrfile=NOTEPAD.EXE "%1"
VBEFile=NOTEPAD.EXE "%1"
VBSFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2012-09-20 16:35:33 -------- d--h--w- C:\ProgramData\Common Files
2012-09-20 16:35:30 -------- d-----w- C:\Users\OneSource\AppData\Roaming\FixCleaner
2012-09-20 16:35:26 -------- d-----w- C:\Program Files (x86)\FixCleaner
2012-09-19 03:14:39 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 03:06:50 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-19 03:06:50 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-19 01:47:00 -------- d-----w- C:\Program Files (x86)\Common Files\SourceTec
2012-09-19 01:46:53 -------- d-----w- C:\Program Files (x86)\SourceTec
2012-09-18 07:15:37 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7A56CC4C-7F2D-4372-A36D-0EDFE15D08F5}\mpengine.dll
2012-09-17 20:26:52 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9128.tmp
2012-09-17 20:26:52 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\9127.tmp
2012-09-16 00:37:26 -------- d-----w- C:\Users\OneSource\AppData\Roaming\Anvisoft
2012-09-16 00:37:14 -------- d-----w- C:\ProgramData\Anvisoft
2012-09-16 00:37:07 -------- d-----w- C:\Program Files (x86)\Anvisoft
2012-09-12 15:26:14 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 15:26:13 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 15:26:12 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 15:26:12 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 15:26:10 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 15:26:10 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 15:26:10 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-09 23:49:29 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-08 04:06:30 3982240 ----a-w- C:\Windows\SysWow64\Flash10d.ocx
2012-09-08 04:06:28 -------- d-----w- C:\Program Files (x86)\StreamTransport
2012-09-06 01:50:02 905216 ----a-w- C:\Windows\SysWow64\SaveTo.dll
2012-09-05 18:34:15 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-05 18:34:15 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-05 18:34:06 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-08-28 02:17:34 -------- d-----r- C:\Users\OneSource\Dropbox
2012-08-28 02:09:43 -------- d-----w- C:\Users\OneSource\AppData\Roaming\Dropbox
2012-08-25 17:14:24 -------- d-----w- C:\Program Files (x86)\VideoLAN
2012-08-25 02:39:31 -------- d-----w- C:\Program Files (x86)\CoffeeCup Software
2012-08-25 02:32:19 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-24 22:36:30 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-08-24 22:36:30 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys
2012-08-24 22:36:28 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
.
==================== Find3M ====================
.
2012-09-20 22:03:51 60304 ----a-w- C:\Users\OneSource\g2mdlhlpx.exe
2012-09-19 03:14:11 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-19 03:14:11 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-07 19:36:53 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-08-02 19:45:44 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-08-02 19:45:34 25072 ----a-w- C:\Windows\System32\smrgdf.exe
2012-08-02 18:27:36 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-08-02 18:27:34 2096360 ----a-w- C:\Windows\SysWow64\Incinerator32.dll
2012-08-02 18:21:22 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-16 04:59:41 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-07-16 04:59:41 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-07-11 21:52:14 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-07-09 09:35:11 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll
2012-07-09 09:29:33 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2012-07-09 09:22:36 0 ----a-w- C:\Windows\ativpsrm.bin
2012-07-09 09:10:07 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-07-09 09:10:07 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-07-09 09:10:07 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-07-09 09:10:07 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-07-09 08:45:39 103784 ----a-w- C:\Users\OneSource\GoToAssistDownloadHelper.exe
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:23:42.25 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/9/2012 1:26:02 AM
System Uptime: 9/20/2012 4:46:45 PM (3 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz | U2E1 | 928/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 267.53 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
RP58: 9/3/2012 11:14:59 PM - Windows Update
RP59: 9/5/2012 11:33:07 AM - Installed Java 7 Update 7 (64-bit)
RP60: 9/7/2012 9:06:38 AM - Windows Update
RP61: 9/7/2012 5:19:43 PM - Windows Update
RP62: 9/11/2012 9:11:42 AM - Windows Update
RP63: 9/13/2012 8:58:12 AM - Windows Update
RP64: 9/18/2012 12:13:51 AM - Windows Update
RP65: 9/18/2012 11:07:27 AM - Removed Java™ 7 Update 5
RP66: 9/18/2012 8:12:03 PM - Installed Java 7 Update 7
RP67: 9/18/2012 8:31:58 PM - Removed JavaFX 2.1.1
RP68: 9/20/2012 5:17:05 PM - Removed FixCleaner
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Creative Suite 6 Master Collection
Adobe Download Assistant
Adobe Flash Player 11 Plugin
Adobe Help Manager
Adobe Reader X (10.1.4)
Adobe Widget Browser
Apple Application Support
Apple Software Update
Audacity 2.0
bl
Camtasia Studio 8
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CleverPrint
CoffeeCup Web Form Builder Lite
CyberLink PowerDVD 9.5
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Dock
DirectXInstallService
Document Manager
Dropbox
EditPlus 3
EMC 10 Content
FileZilla Client 3.5.3
FotoSketcher - Version 1.9
Google Chrome
GoToMeeting 5.3.0.1010
IDT Audio
iolo technologies' System Mechanic Professional
Java 7 Update 7
JavaFX 2.1.1
Jing
LAME v3.99.3 (for Windows)
LastPass (uninstall only)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Standard 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mobilizer
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PdaNet for Android 3.50
PDF Settings CS6
ph
Places Scout
QuickTime
RICOH Media Driver ver.2.07.01.02
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy CD and DVD Burning
Roxio Express Labeler 3
Roxio Update Manager
S3 Ripper 1.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype™ 5.10
Sonic CinePlayer Decoder Pack
Sothink Flash Downloader for Browser
Sothink SWF Catcher Special
Sound Blaster X-Fi MB
StreamTransport version: 1.0.2.2171
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.3
.
==== Event Viewer Messages From Past Week ========
.
9/20/2012 4:47:24 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk RxFilter
9/20/2012 4:46:54 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\FileDisk.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
9/20/2012 12:13:15 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
9/20/2012 1:05:40 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
9/18/2012 9:03:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iolo System Service service to connect.
9/18/2012 9:03:26 AM, Error: Service Control Manager [7000] - The iolo System Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/17/2012 1:27:00 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
9/15/2012 5:04:52 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
9/15/2012 12:28:19 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR5.
9/13/2012 7:23:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
.
==== End Of File ===========================

Edited by OneSource, 20 September 2012 - 09:31 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:32 PM

Posted 21 September 2012 - 01:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 OneSource

Posted 21 September 2012 - 01:45 AM

Thanks so much for the help, I will post the contents as soon as the security check is completed ....

#5 OneSource

Posted 21 September 2012 - 01:50 AM

Here are the contents of the "black Box - 317 Security Check"


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
System Shield
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.1
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Common Files Authentium AntiVirus5 vsedsps.exe
Common Files Authentium AntiVirus5 vseqrts.exe
Common Files Authentium AntiVirus5 vseamps.exe
iolo Common Lib ioloServiceManager.exe
iolo System Mechanic Professional System Shield ioloSSTray.exe
iolo System Mechanic Professional DriveScrubber DriveScrubber.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#6 OneSource

Posted 21 September 2012 - 01:55 AM

I am now doing the following 2 items that are being requested, so I will get back to you after I log back into the browsers ...

#7 OneSource

Posted 21 September 2012 - 02:06 AM

Here is the txt contents from the AdwCleaner below and then I will do the next step in the process and run the RogueKiller next

AdwCleaner:


# AdwCleaner v2.002 - Logfile created 09/20/2012 at 23:58:48
# Updated 16/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : OneSource - ONESOURCE-PC
# Boot Mode : Normal
# Running from : C:\Users\OneSource\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\ONESOU~1\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\ONESOU~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\OneSource\AppData\Roaming\Mozilla\Firefox\Profiles\mt5a3zt2.default\extensions\plugin@yontoo.com

***** [Registry] *****

Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\SweetIm
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\OneSource\AppData\Roaming\Mozilla\Firefox\Profiles\mt5a3zt2.default\prefs.js

C:\Users\OneSource\AppData\Roaming\Mozilla\Firefox\Profiles\mt5a3zt2.default\user.js ... Deleted !

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v21.0.1180.89

File : C:\Users\OneSource\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5206 octets] - [20/09/2012 23:58:48]

########## EOF - C:\AdwCleaner[S1].txt - [5266 octets] ##########

#8 OneSource

Posted 21 September 2012 - 02:19 AM

Sorry for the delay, as during my initial run of the RogueKiller the computer crashed, so I rebooted and started the process again. Please find the contents of the RogueKiller below:


RogueKiller:



RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OneSource [Admin rights]
Mode : Remove -- Date : 09/21/2012 00:16:41

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLIST DLL] HKCU\[...]\Run : CrashDumps (rundll32.exe "C:\Users\OneSource\AppData\Local\Google\CrashDumps\rmbsvjwt.dll",DllRegisterServerW) -> DELETED
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSY ATA Device +++++
--- User ---
[MBR] bd5537a5d51effeb49beb5e6acb2bfca
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 278528 | Size: 13764 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463036 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1a2f33767ed5ca6b362047fc98a135c3
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 278528 | Size: 13764 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463036 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#9 OneSource

Posted 21 September 2012 - 02:54 AM

Sorry, once again my computer crashed so I rebooted and then noticed that it looks as if there were 2 text files from the Rogue Killer, so I will post both text files below:

**** RogueKiller - text 1:


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OneSource [Admin rights]
Mode : Scan -- Date : 09/21/2012 00:14:40

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][BLACKLIST DLL] HKCU\[...]\Run : CrashDumps (rundll32.exe "C:\Users\OneSource\AppData\Local\Google\CrashDumps\rmbsvjwt.dll",DllRegisterServerW) -> FOUND
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> FOUND
[RUN][BLACKLIST DLL] HKUS\S-1-5-21-2110893426-1427874431-910128169-1000[...]\Run : CrashDumps (rundll32.exe "C:\Users\OneSource\AppData\Local\Google\CrashDumps\rmbsvjwt.dll",DllRegisterServerW) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSY ATA Device +++++
--- User ---
[MBR] bd5537a5d51effeb49beb5e6acb2bfca
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 278528 | Size: 13764 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463036 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1a2f33767ed5ca6b362047fc98a135c3
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 278528 | Size: 13764 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463036 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt



**** RogueKiller - text 2:


RogueKiller V8.0.4 [09/19/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : OneSource [Admin rights]
Mode : Remove -- Date : 09/21/2012 00:16:41

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][BLACKLIST DLL] HKCU\[...]\Run : CrashDumps (rundll32.exe "C:\Users\OneSource\AppData\Local\Google\CrashDumps\rmbsvjwt.dll",DllRegisterServerW) -> DELETED
[RUN][BLACKLIST DLL] HKLM\[...]\Run : RunDLLEntry (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5061GSY ATA Device +++++
--- User ---
[MBR] bd5537a5d51effeb49beb5e6acb2bfca
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 278528 | Size: 13764 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463036 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1a2f33767ed5ca6b362047fc98a135c3
[BSP] 65392c6b522ee3015665563a17e69a8f : Windows 7 MBR Code
Partition table:
1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 133 Mo
2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 278528 | Size: 13764 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28467200 | Size: 463036 Mo

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#10 OneSource

Posted 21 September 2012 - 03:23 AM

It's almost 1:30am my time and I have to get up at 6:00am to get the kids up and going for school - I will check back in first thing in the morning.

Thanks

#11 gringo_pr

Posted 22 September 2012 - 07:09 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#12 OneSource

Posted 22 September 2012 - 05:51 PM

I have 3 log files created from the tdsskiller so I will list those three out separately below, I also see that the tdsskiller also created a QUARANTINE file also located in the C drive -

tdsskiller Log File #1:

15:21:58.0352 4820 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:22:00.0352 4820 ============================================================
15:22:00.0352 4820 Current date / time: 2012/09/22 15:22:00.0352
15:22:00.0352 4820 SystemInfo:
15:22:00.0352 4820
15:22:00.0352 4820 OS Version: 6.1.7601 ServicePack: 1.0
15:22:00.0352 4820 Product type: Workstation
15:22:00.0352 4820 ComputerName: ONESOURCE-PC
15:22:00.0352 4820 UserName: OneSource
15:22:00.0352 4820 Windows directory: C:\Windows
15:22:00.0352 4820 System windows directory: C:\Windows
15:22:00.0352 4820 Running under WOW64
15:22:00.0352 4820 Processor architecture: Intel x64
15:22:00.0352 4820 Number of processors: 8
15:22:00.0352 4820 Page size: 0x1000
15:22:00.0352 4820 Boot type: Normal boot
15:22:00.0352 4820 ============================================================
15:22:03.0582 4820 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040


tdsskiller Log File #2:

15:39:08.0571 3008 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:39:10.0571 3008 ============================================================
15:39:10.0571 3008 Current date / time: 2012/09/22 15:39:10.0571
15:39:10.0571 3008 SystemInfo:
15:39:10.0571 3008
15:39:10.0571 3008 OS Version: 6.1.7601 ServicePack: 1.0
15:39:10.0571 3008 Product type: Workstation
15:39:10.0571 3008 ComputerName: ONESOURCE-PC
15:39:10.0571 3008 UserName: OneSource
15:39:10.0571 3008 Windows directory: C:\Windows
15:39:10.0571 3008 System windows directory: C:\Windows
15:39:10.0571 3008 Running under WOW64
15:39:10.0571 3008 Processor architecture: Intel x64
15:39:10.0571 3008 Number of processors: 8
15:39:10.0571 3008 Page size: 0x1000
15:39:10.0571 3008 Boot type: Normal boot
15:39:10.0571 3008 ============================================================
15:39:12.0691 3008 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:12.0711 3008 Drive \Device\Harddisk1\DR1 - Size: 0x200CE0000 (8.01 Gb), SectorSize: 0x200, Cylinders: 0x415, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:39:12.0711 3008 Drive \Device\Harddisk2\DR2 - Size: 0x3BA200000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:39:12.0721 3008 ============================================================
15:39:12.0721 3008 \Device\Harddisk0\DR0:
15:39:12.0721 3008 MBR partitions:
15:39:12.0721 3008 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x44000, BlocksNum 0x1AE2000
15:39:12.0721 3008 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B26000, BlocksNum 0x3885E000
15:39:12.0721 3008 \Device\Harddisk1\DR1:
15:39:12.0721 3008 MBR partitions:
15:39:12.0721 3008 \Device\Harddisk2\DR2:
15:39:12.0721 3008 MBR partitions:
15:39:12.0721 3008 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1DD0800
15:39:12.0721 3008 ============================================================
15:39:12.0811 3008 C: <-> \Device\Harddisk0\DR0\Partition2
15:39:12.0811 3008 ============================================================
15:39:12.0811 3008 Initialize success
15:39:12.0811 3008 ============================================================
15:39:16.0681 5260 ============================================================
15:39:16.0681 5260 Scan started
15:39:16.0681 5260 Mode: Manual;
15:39:16.0681 5260 ============================================================
15:39:19.0001 5260 ================ Scan system memory ========================
15:39:19.0001 5260 System memory - ok
15:39:19.0001 5260 ================ Scan services =============================
15:39:19.0491 5260 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:39:19.0501 5260 1394ohci - ok
15:39:19.0591 5260 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:39:19.0591 5260 ACPI - ok
15:39:19.0681 5260 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:39:19.0691 5260 AcpiPmi - ok
15:39:19.0881 5260 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:39:19.0881 5260 AdobeARMservice - ok
15:39:20.0251 5260 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:39:20.0301 5260 AdobeFlashPlayerUpdateSvc - ok
15:39:20.0411 5260 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:39:20.0641 5260 adp94xx - ok
15:39:20.0711 5260 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:39:20.0911 5260 adpahci - ok
15:39:21.0011 5260 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:39:21.0021 5260 adpu320 - ok
15:39:21.0081 5260 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:39:21.0081 5260 AeLookupSvc - ok
15:39:21.0271 5260 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
15:39:21.0271 5260 AESTFilters - ok
15:39:21.0361 5260 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:39:21.0381 5260 AFD - ok
15:39:21.0431 5260 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:39:21.0441 5260 agp440 - ok
15:39:21.0491 5260 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:39:21.0501 5260 ALG - ok
15:39:21.0571 5260 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:39:21.0581 5260 aliide - ok
15:39:21.0651 5260 [ 3D90CF67DB75823A8480E56BBCD2E028 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
15:39:21.0661 5260 AMD External Events Utility - ok
15:39:21.0681 5260 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:39:21.0681 5260 amdide - ok
15:39:21.0741 5260 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:39:21.0751 5260 AmdK8 - ok
15:39:22.0111 5260 [ 52679612D742BF74CA1BA6AB86DDF431 ] amdkmdag C:\Windows\system32\DRIVERS\atipmdag.sys
15:39:22.0381 5260 amdkmdag - ok
15:39:22.0451 5260 [ 414E0788920A8C856032BE2CBF29F984 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
15:39:22.0461 5260 amdkmdap - ok
15:39:22.0501 5260 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:39:22.0511 5260 AmdPPM - ok
15:39:22.0561 5260 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:39:22.0571 5260 amdsata - ok
15:39:22.0611 5260 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:39:22.0621 5260 amdsbs - ok
15:39:22.0631 5260 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:39:22.0641 5260 amdxata - ok
15:39:22.0691 5260 [ 7FF52FD7CB32FBEBA5960E8F9621D734 ] AMP C:\Windows\system32\Drivers\amp.sys
15:39:22.0711 5260 AMP - ok
15:39:23.0151 5260 [ 6221E6DE43BBBD96C122F0EDD0139809 ] AMPSE C:\Windows\system32\Drivers\ampse.sys
15:39:23.0181 5260 AMPSE - ok
15:39:23.0261 5260 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:39:23.0271 5260 AppID - ok
15:39:23.0301 5260 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:39:23.0311 5260 AppIDSvc - ok
15:39:23.0351 5260 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:39:23.0351 5260 Appinfo - ok
15:39:23.0401 5260 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:39:23.0411 5260 arc - ok
15:39:23.0411 5260 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:39:23.0421 5260 arcsas - ok
15:39:23.0651 5260 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:39:23.0751 5260 aspnet_state - ok
15:39:23.0811 5260 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:39:23.0811 5260 AsyncMac - ok
15:39:23.0861 5260 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:39:23.0861 5260 atapi - ok
15:39:23.0921 5260 [ FB7602C5C508BE281368AAE0B61B51C6 ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
15:39:23.0931 5260 AtiHdmiService - ok
15:39:24.0001 5260 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:39:24.0011 5260 AudioEndpointBuilder - ok
15:39:24.0031 5260 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:39:24.0041 5260 AudioSrv - ok
15:39:24.0131 5260 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:39:24.0141 5260 AxInstSV - ok
15:39:24.0251 5260 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:39:24.0271 5260 b06bdrv - ok
15:39:24.0331 5260 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:39:24.0341 5260 b57nd60a - ok
15:39:24.0411 5260 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:39:24.0421 5260 BDESVC - ok
15:39:24.0441 5260 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:39:24.0451 5260 Beep - ok
15:39:24.0521 5260 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:39:24.0531 5260 BFE - ok
15:39:24.0701 5260 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
15:39:24.0721 5260 BITS - ok
15:39:24.0791 5260 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:39:24.0801 5260 blbdrive - ok
15:39:24.0841 5260 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
15:39:24.0851 5260 bowser - ok
15:39:24.0901 5260 [ A91B4392B326F6AED0052CB2592E979D ] bpenum C:\Windows\system32\DRIVERS\bpenum.sys
15:39:24.0911 5260 bpenum - ok
15:39:24.0941 5260 [ 7057339774618E38CFEFE0B5D1FDD58E ] bpmp C:\Windows\system32\DRIVERS\bpmp.sys
15:39:24.0951 5260 bpmp - ok
15:39:24.0981 5260 [ 2636C9619120A6B16DCB51886C46AC20 ] bpusb C:\Windows\system32\Drivers\bpusb.sys
15:39:24.0991 5260 bpusb - ok
15:39:25.0031 5260 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:39:25.0041 5260 BrFiltLo - ok
15:39:25.0051 5260 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:39:25.0061 5260 BrFiltUp - ok
15:39:25.0121 5260 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
15:39:25.0121 5260 Browser - ok
15:39:25.0131 5260 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
15:39:25.0151 5260 Brserid - ok
15:39:25.0161 5260 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
15:39:25.0171 5260 BrSerWdm - ok
15:39:25.0171 5260 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
15:39:25.0181 5260 BrUsbMdm - ok
15:39:25.0191 5260 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
15:39:25.0191 5260 BrUsbSer - ok
15:39:25.0261 5260 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
15:39:25.0271 5260 BthEnum - ok
15:39:25.0291 5260 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
15:39:25.0301 5260 BTHMODEM - ok
15:39:25.0321 5260 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
15:39:25.0321 5260 BthPan - ok
15:39:25.0411 5260 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
15:39:25.0431 5260 BTHPORT - ok
15:39:25.0481 5260 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
15:39:25.0491 5260 bthserv - ok
15:39:25.0571 5260 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
15:39:25.0571 5260 BTHUSB - ok
15:39:25.0681 5260 [ 6BCFDC2B5B7F66D484486D4BD4B39A6B ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
15:39:25.0681 5260 btwaudio - ok
15:39:25.0731 5260 [ 82DC8B7C626E526681C1BEBED2BC3FF9 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
15:39:25.0741 5260 btwavdt - ok
15:39:25.0901 5260 [ 6DDE1E97BE4D50253DFB9090A6A62524 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
15:39:25.0911 5260 btwdins - ok
15:39:25.0941 5260 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
15:39:25.0951 5260 btwl2cap - ok
15:39:25.0991 5260 [ 28E105AD3B79F440BF94780F507BF66A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
15:39:26.0001 5260 btwrchid - ok
15:39:26.0041 5260 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
15:39:26.0041 5260 cdfs - ok
15:39:26.0111 5260 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
15:39:26.0121 5260 cdrom - ok
15:39:26.0191 5260 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
15:39:26.0191 5260 CertPropSvc - ok
15:39:26.0211 5260 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
15:39:26.0221 5260 circlass - ok
15:39:26.0301 5260 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
15:39:26.0311 5260 CLFS - ok
15:39:26.0521 5260 [ FDFF50AF8A708A23B7DE1D69C285A2AE ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
15:39:27.0191 5260 CLKMSVC10_9EC60124 - ok
15:39:27.0361 5260 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:39:27.0391 5260 clr_optimization_v2.0.50727_32 - ok
15:39:27.0431 5260 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:39:27.0441 5260 clr_optimization_v2.0.50727_64 - ok
15:39:27.0581 5260 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:39:27.0701 5260 clr_optimization_v4.0.30319_32 - ok
15:39:27.0721 5260 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:39:27.0741 5260 clr_optimization_v4.0.30319_64 - ok
15:39:27.0781 5260 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
15:39:27.0781 5260 CmBatt - ok
15:39:27.0821 5260 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
15:39:27.0821 5260 cmdide - ok
15:39:27.0891 5260 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
15:39:27.0901 5260 CNG - ok
15:39:27.0961 5260 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
15:39:27.0971 5260 Compbatt - ok
15:39:28.0031 5260 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
15:39:28.0041 5260 CompositeBus - ok
15:39:28.0071 5260 COMSysApp - ok
15:39:28.0091 5260 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
15:39:28.0101 5260 crcdisk - ok
15:39:28.0231 5260 [ C8BD651E13895B93ED9EC5B4F1DF42BC ] Creative ALchemy AL6 Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
15:39:28.0261 5260 Creative ALchemy AL6 Licensing Service - ok
15:39:28.0331 5260 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:39:28.0361 5260 Creative Audio Engine Licensing Service - ok
15:39:28.0411 5260 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
15:39:28.0411 5260 CryptSvc - ok
15:39:28.0511 5260 [ 07BA6D17E66879018B30B6C3F976EBED ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:39:28.0521 5260 CTAudSvcService - ok
15:39:28.0601 5260 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
15:39:28.0601 5260 DcomLaunch - ok
15:39:28.0651 5260 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
15:39:28.0671 5260 defragsvc - ok
15:39:28.0741 5260 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
15:39:28.0751 5260 DfsC - ok
15:39:28.0801 5260 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
15:39:28.0801 5260 Dhcp - ok
15:39:28.0841 5260 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
15:39:28.0851 5260 discache - ok
15:39:28.0931 5260 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
15:39:29.0001 5260 Disk - ok
15:39:29.0181 5260 [ E56778551BF535500D6B02E68E5BFB47 ] DMAgent C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
15:39:29.0191 5260 DMAgent - ok
15:39:29.0271 5260 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
15:39:29.0271 5260 Dnscache - ok
15:39:29.0471 5260 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
15:39:29.0471 5260 DockLoginService - ok
15:39:29.0521 5260 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
15:39:29.0531 5260 dot3svc - ok
15:39:29.0571 5260 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
15:39:29.0571 5260 DPS - ok
15:39:29.0621 5260 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
15:39:29.0631 5260 drmkaud - ok
15:39:29.0691 5260 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
15:39:29.0711 5260 DXGKrnl - ok
15:39:29.0771 5260 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
15:39:29.0781 5260 EapHost - ok
15:39:29.0941 5260 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
15:39:30.0021 5260 ebdrv - ok
15:39:30.0101 5260 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
15:39:30.0111 5260 EFS - ok
15:39:30.0361 5260 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
15:39:30.0381 5260 ehRecvr - ok
15:39:30.0421 5260 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
15:39:30.0431 5260 ehSched - ok
15:39:30.0481 5260 [ D38A883309E04B9FBFFE1ACA60EA3BBF ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
15:39:30.0491 5260 ElRawDisk - ok
15:39:30.0551 5260 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
15:39:30.0571 5260 elxstor - ok
15:39:30.0601 5260 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
15:39:30.0601 5260 ErrDev - ok
15:39:30.0671 5260 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
15:39:30.0671 5260 EventSystem - ok
15:39:30.0821 5260 [ 51643EE2712D9212E1E53CA7E8D8EB4A ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:39:30.0841 5260 EvtEng - ok
15:39:30.0901 5260 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
15:39:30.0911 5260 exfat - ok
15:39:30.0961 5260 [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP C:\Windows\system32\DRIVERS\facap.sys
15:39:30.0971 5260 FACAP - ok
15:39:31.0201 5260 [ D3A9A39880298495788CDBB4BCD1C324 ] FAService C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
15:39:31.0501 5260 FAService - ok
15:39:31.0521 5260 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
15:39:31.0531 5260 fastfat - ok
15:39:31.0631 5260 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
15:39:31.0641 5260 Fax - ok
15:39:31.0681 5260 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
15:39:31.0681 5260 fdc - ok
15:39:31.0721 5260 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
15:39:31.0721 5260 fdPHost - ok
15:39:31.0741 5260 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
15:39:31.0741 5260 FDResPub - ok
15:39:31.0761 5260 FileDisk - ok
15:39:31.0791 5260 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
15:39:31.0801 5260 FileInfo - ok
15:39:31.0821 5260 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
15:39:31.0831 5260 Filetrace - ok
15:39:31.0841 5260 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
15:39:31.0851 5260 flpydisk - ok
15:39:31.0891 5260 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
15:39:31.0901 5260 FltMgr - ok
15:39:31.0981 5260 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
15:39:31.0991 5260 FontCache - ok
15:39:32.0091 5260 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:39:32.0101 5260 FontCache3.0.0.0 - ok
15:39:32.0121 5260 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
15:39:32.0131 5260 FsDepends - ok
15:39:32.0181 5260 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
15:39:32.0191 5260 Fs_Rec - ok
15:39:32.0231 5260 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
15:39:32.0241 5260 fvevol - ok
15:39:32.0281 5260 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
15:39:32.0291 5260 gagp30kx - ok
15:39:32.0441 5260 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
15:39:32.0451 5260 gpsvc - ok
15:39:32.0531 5260 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
15:39:32.0531 5260 hcw85cir - ok
15:39:32.0631 5260 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:39:32.0651 5260 HdAudAddService - ok
15:39:32.0721 5260 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
15:39:32.0721 5260 HDAudBus - ok
15:39:32.0741 5260 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
15:39:32.0751 5260 HidBatt - ok
15:39:32.0771 5260 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
15:39:32.0771 5260 HidBth - ok
15:39:32.0851 5260 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
15:39:32.0851 5260 HidIr - ok
15:39:32.0881 5260 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
15:39:32.0891 5260 hidserv - ok
15:39:32.0971 5260 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
15:39:32.0971 5260 HidUsb - ok
15:39:33.0031 5260 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
15:39:33.0031 5260 hkmsvc - ok
15:39:33.0121 5260 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:39:33.0121 5260 HomeGroupListener - ok
15:39:33.0221 5260 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:39:33.0221 5260 HomeGroupProvider - ok
15:39:33.0311 5260 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
15:39:33.0321 5260 HpSAMD - ok
15:39:33.0451 5260 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
15:39:33.0481 5260 HTTP - ok
15:39:33.0531 5260 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
15:39:33.0531 5260 hwpolicy - ok
15:39:33.0581 5260 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
15:39:33.0591 5260 i8042prt - ok
15:39:33.0641 5260 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
15:39:33.0661 5260 iaStorV - ok
15:39:33.0721 5260 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:39:33.0761 5260 idsvc - ok
15:39:33.0781 5260 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
15:39:33.0791 5260 iirsp - ok
15:39:33.0861 5260 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
15:39:33.0881 5260 IKEEXT - ok
15:39:33.0921 5260 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
15:39:33.0931 5260 intelide - ok
15:39:34.0001 5260 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
15:39:34.0011 5260 intelppm - ok
15:39:34.0101 5260 [ B5A662956977407C6B9B88A846FEF9BD ] ioloSystemService C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
15:39:34.0111 5260 ioloSystemService - ok
15:39:34.0181 5260 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
15:39:34.0191 5260 IPBusEnum - ok
15:39:34.0241 5260 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:39:34.0251 5260 IpFilterDriver - ok
15:39:34.0391 5260 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
15:39:34.0401 5260 iphlpsvc - ok
15:39:34.0461 5260 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
15:39:34.0471 5260 IPMIDRV - ok
15:39:34.0521 5260 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
15:39:34.0531 5260 IPNAT - ok
15:39:34.0581 5260 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
15:39:34.0581 5260 IRENUM - ok
15:39:34.0631 5260 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
15:39:34.0631 5260 isapnp - ok
15:39:34.0671 5260 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
15:39:34.0681 5260 iScsiPrt - ok
15:39:34.0711 5260 [ 8D990A44B4F2B68E2C56A3724EC3EB84 ] itecir C:\Windows\system32\DRIVERS\itecir.sys
15:39:34.0721 5260 itecir - ok
15:39:34.0771 5260 [ 7DBAFE10C1B777305C80BEA42FBDA710 ] k57nd60a C:\Windows\system32\DRIVERS\k57nd60a.sys
15:39:34.0781 5260 k57nd60a - ok
15:39:34.0831 5260 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
15:39:34.0841 5260 kbdclass - ok
15:39:34.0891 5260 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
15:39:34.0891 5260 kbdhid - ok
15:39:34.0931 5260 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
15:39:34.0941 5260 KeyIso - ok
15:39:35.0041 5260 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
15:39:35.0051 5260 KSecDD - ok
15:39:35.0101 5260 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
15:39:35.0111 5260 KSecPkg - ok
15:39:35.0221 5260 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
15:39:35.0221 5260 ksthunk - ok
15:39:35.0261 5260 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
15:39:35.0271 5260 KtmRm - ok
15:39:35.0331 5260 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
15:39:35.0341 5260 LanmanServer - ok
15:39:35.0371 5260 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:39:35.0381 5260 LanmanWorkstation - ok
15:39:35.0441 5260 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
15:39:35.0441 5260 lltdio - ok
15:39:35.0481 5260 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
15:39:35.0531 5260 lltdsvc - ok
15:39:35.0561 5260 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
15:39:35.0571 5260 lmhosts - ok
15:39:35.0621 5260 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
15:39:35.0631 5260 LSI_FC - ok
15:39:35.0661 5260 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
15:39:35.0661 5260 LSI_SAS - ok
15:39:35.0691 5260 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:39:35.0701 5260 LSI_SAS2 - ok
15:39:35.0721 5260 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:39:35.0731 5260 LSI_SCSI - ok
15:39:35.0761 5260 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
15:39:35.0771 5260 luafv - ok
15:39:35.0831 5260 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
15:39:35.0841 5260 Mcx2Svc - ok
15:39:35.0871 5260 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
15:39:35.0881 5260 megasas - ok
15:39:35.0911 5260 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
15:39:36.0271 5260 MegaSR - ok
15:39:36.0311 5260 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
15:39:36.0311 5260 MMCSS - ok
15:39:36.0381 5260 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
15:39:36.0391 5260 Modem - ok
15:39:36.0451 5260 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
15:39:36.0451 5260 monitor - ok
15:39:36.0511 5260 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
15:39:36.0521 5260 mouclass - ok
15:39:36.0581 5260 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
15:39:36.0591 5260 mouhid - ok
15:39:36.0641 5260 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
15:39:36.0651 5260 mountmgr - ok
15:39:36.0731 5260 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:39:36.0791 5260 MozillaMaintenance - ok
15:39:36.0921 5260 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
15:39:36.0931 5260 mpio - ok
15:39:36.0981 5260 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
15:39:36.0991 5260 mpsdrv - ok
15:39:37.0111 5260 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
15:39:37.0121 5260 MpsSvc - ok
15:39:37.0161 5260 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
15:39:37.0171 5260 MRxDAV - ok
15:39:37.0211 5260 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
15:39:37.0221 5260 mrxsmb - ok
15:39:37.0251 5260 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:39:37.0261 5260 mrxsmb10 - ok
15:39:37.0301 5260 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:39:37.0311 5260 mrxsmb20 - ok
15:39:37.0361 5260 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
15:39:37.0371 5260 msahci - ok
15:39:37.0391 5260 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
15:39:37.0401 5260 msdsm - ok
15:39:37.0421 5260 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
15:39:37.0431 5260 MSDTC - ok
15:39:37.0471 5260 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
15:39:37.0471 5260 Msfs - ok
15:39:37.0511 5260 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
15:39:37.0521 5260 mshidkmdf - ok
15:39:37.0561 5260 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
15:39:37.0571 5260 msisadrv - ok
15:39:37.0591 5260 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
15:39:37.0601 5260 MSiSCSI - ok
15:39:37.0611 5260 msiserver - ok
15:39:37.0651 5260 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
15:39:37.0651 5260 MSKSSRV - ok
15:39:37.0681 5260 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
15:39:37.0681 5260 MSPCLOCK - ok
15:39:37.0691 5260 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
15:39:37.0691 5260 MSPQM - ok
15:39:37.0741 5260 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
15:39:37.0751 5260 MsRPC - ok
15:39:37.0791 5260 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
15:39:37.0791 5260 mssmbios - ok
15:39:37.0851 5260 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
15:39:37.0851 5260 MSTEE - ok
15:39:37.0861 5260 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
15:39:37.0871 5260 MTConfig - ok
15:39:37.0911 5260 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
15:39:37.0911 5260 Mup - ok
15:39:37.0961 5260 [ D285D0539016BE299A55FF997B44DA33 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:39:37.0971 5260 MyWiFiDHCPDNS - ok
15:39:38.0051 5260 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
15:39:38.0061 5260 napagent - ok
15:39:38.0121 5260 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
15:39:38.0141 5260 NativeWifiP - ok
15:39:38.0291 5260 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
15:39:38.0301 5260 NDIS - ok
15:39:38.0471 5260 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
15:39:38.0481 5260 NdisCap - ok
15:39:38.0511 5260 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
15:39:38.0521 5260 NdisTapi - ok
15:39:38.0551 5260 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
15:39:38.0561 5260 Ndisuio - ok
15:39:38.0611 5260 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
15:39:38.0621 5260 NdisWan - ok
15:39:38.0651 5260 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
15:39:38.0661 5260 NDProxy - ok
15:39:38.0711 5260 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
15:40:01.0131 5260 ================ Scan global ===============================
15:40:01.0171 5260 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:40:01.0211 5260 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:40:01.0221 5260 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:40:01.0271 5260 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:40:01.0321 5260 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:40:01.0341 5260 [Global] - ok
15:40:01.0341 5260 ================ Scan MBR ==================================
15:40:01.0351 5260 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:40:01.0351 5260 Suspicious mbr (Forged): \Device\Harddisk0\DR0
15:40:01.0411 5260 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
15:40:01.0411 5260 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
15:40:01.0421 5260 [ F1DECB1EE4A9C00EC8F602265444D1AC ] \Device\Harddisk1\DR1
15:40:04.0311 5260 \Device\Harddisk1\DR1 - ok
15:40:04.0331 5260 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
15:40:04.0341 5260 \Device\Harddisk2\DR2 - ok
15:40:04.0341 5260 ================ Scan VBR ==================================
15:40:04.0381 5260 [ 623B197B4BC25466C95548782710B48A ] \Device\Harddisk0\DR0\Partition1
15:40:04.0391 5260 \Device\Harddisk0\DR0\Partition1 - ok
15:40:04.0411 5260 [ 104CB99F7A42D302C8E9D6793AACB431 ] \Device\Harddisk0\DR0\Partition2
15:40:04.0421 5260 \Device\Harddisk0\DR0\Partition2 - ok
15:40:04.0421 5260 [ 92CCAA4E60FA058580F190BF53964857 ] \Device\Harddisk2\DR2\Partition1
15:40:04.0421 5260 \Device\Harddisk2\DR2\Partition1 - ok
15:40:04.0431 5260 ============================================================
15:40:04.0431 5260 Scan finished
15:40:04.0431 5260 ============================================================
15:40:04.0451 1664 Detected object count: 1
15:40:04.0451 1664 Actual detected object count: 1
15:42:40.0010 1664 \Device\Harddisk0\DR0\# - copied to quarantine
15:42:40.0016 1664 \Device\Harddisk0\DR0 - copied to quarantine
15:42:40.0589 1664 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
15:42:40.0595 1664 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
15:42:40.0605 1664 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
15:42:40.0615 1664 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
15:42:40.0638 1664 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
15:42:40.0654 1664 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
15:42:40.0660 1664 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
15:42:40.0667 1664 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
15:42:40.0674 1664 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
15:42:40.0684 1664 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
15:42:40.0693 1664 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
15:42:40.0701 1664 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
15:42:40.0708 1664 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
15:42:40.0744 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
15:42:40.0747 1664 \Device\Harddisk0\DR0 - ok
15:42:40.0784 1664 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
15:42:53.0810 1828 Deinitialize success



tdsskiller Log File #3:

15:44:44.0283 3376 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:44:44.0548 3376 ============================================================
15:44:44.0548 3376 Current date / time: 2012/09/22 15:44:44.0548
15:44:44.0548 3376 SystemInfo:
15:44:44.0548 3376
15:44:44.0548 3376 OS Version: 6.1.7601 ServicePack: 1.0
15:44:44.0548 3376 Product type: Workstation
15:44:44.0548 3376 ComputerName: ONESOURCE-PC
15:44:44.0548 3376 UserName: OneSource
15:44:44.0548 3376 Windows directory: C:\Windows
15:44:44.0548 3376 System windows directory: C:\Windows
15:44:44.0548 3376 Running under WOW64
15:44:44.0548 3376 Processor architecture: Intel x64
15:44:44.0548 3376 Number of processors: 8
15:44:44.0548 3376 Page size: 0x1000
15:44:44.0548 3376 Boot type: Normal boot
15:44:44.0548 3376 ============================================================
15:44:50.0711 3376 BG loaded
15:44:52.0989 3376 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:44:53.0004 3376 Drive \Device\Harddisk1\DR1 - Size: 0x200CE0000 (8.01 Gb), SectorSize: 0x200, Cylinders: 0x415, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:44:53.0004 3376 Drive \Device\Harddisk2\DR2 - Size: 0x3BA200000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x79A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:44:53.0004 3376 ============================================================
15:44:53.0004 3376 \Device\Harddisk0\DR0:
15:44:53.0004 3376 MBR partitions:
15:44:53.0004 3376 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x44000, BlocksNum 0x1AE2000
15:44:53.0004 3376 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B26000, BlocksNum 0x3885E000
15:44:53.0004 3376 \Device\Harddisk1\DR1:
15:44:53.0004 3376 MBR partitions:
15:44:53.0004 3376 \Device\Harddisk2\DR2:
15:44:53.0004 3376 MBR partitions:
15:44:53.0004 3376 \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x800, BlocksNum 0x1DD0800
15:44:53.0004 3376 ============================================================
15:44:53.0036 3376 C: <-> \Device\Harddisk0\DR0\Partition2
15:44:53.0036 3376 ============================================================
15:44:53.0036 3376 Initialize success
15:44:53.0036 3376 ============================================================
15:45:05.0795 3240 Deinitialize success





*** aswMBR File Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-22 15:55:21
-----------------------------
15:55:21.565 OS Version: Windows x64 6.1.7601 Service Pack 1
15:55:21.565 Number of processors: 8 586 0x1E05
15:55:21.565 ComputerName: ONESOURCE-PC UserName: OneSource
15:55:22.785 Initialize success
16:12:15.296 AVAST engine defs: 12092201
16:13:24.092 The log file has been saved successfully to "C:\Users\OneSource\Desktop\System Mechanic Pro\aswMBR.txt"

Edited by OneSource, 22 September 2012 - 06:15 PM.


#13 gringo_pr

  • Malware Response Team
  • 136,772 posts

Posted 22 September 2012 - 09:35 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#14 OneSource

  • Topic Starter

  • Members
  • 19 posts

Posted 24 September 2012 - 12:04 AM

Gringo, thank you for your help on this - for several weeks it was so frustrating, I am looking forward to seeing how the PC acts from here on out. I will play around with it for the next little while and into the day tomorrow and I will come back and edit this post and let you know how everything is running -

*** QUESTION - am I able to delete all the previous uploads used to sort out this problem and delete the logs as well?

And then I am using Systems Mechanics Pro, should I also use another form of protection as well?

And then last question ... on another computer that I have, can I run the Avast and a Malware protection at the same time?....


Looking forward to your reply regarding the above questions -


*** ComboFix Log File:

ComboFix 12-09-23.03 - OneSource 09/23/2012 21:41:39.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6132.4513 [GMT -7:00]
Running from: c:\users\OneSource\Downloads\ComboFix.exe
AV: System Shield *Disabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: System Shield *Disabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\OneSource\g2mdlhlpx.exe
c:\users\OneSource\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-24 to 2012-09-24 )))))))))))))))))))))))))))))))
.
.
2012-09-24 04:51 . 2012-09-24 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 22:42 . 2012-09-22 22:42 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-22 22:21 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2D2F169D-AD04-4C03-8CA7-D9F22E503D41}\mpengine.dll
2012-09-22 22:20 . 2012-09-22 22:21 -------- d-----w- C:\Cleaner -
2012-09-20 22:03 . 2012-09-20 22:03 -------- d-----w- c:\windows\Sun
2012-09-20 16:35 . 2012-09-20 16:35 -------- d--h--w- c:\programdata\Common Files
2012-09-20 16:35 . 2012-09-20 16:38 -------- d-----w- c:\users\OneSource\AppData\Roaming\FixCleaner
2012-09-20 16:35 . 2012-09-21 00:21 -------- d-----w- c:\program files (x86)\FixCleaner
2012-09-19 03:14 . 2012-09-19 03:14 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-19 03:06 . 2012-09-19 03:06 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-19 03:06 . 2012-09-19 03:06 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-19 01:47 . 2012-09-19 01:50 -------- d-----w- c:\program files (x86)\Common Files\SourceTec
2012-09-19 01:46 . 2012-09-19 01:50 -------- d-----w- c:\program files (x86)\SourceTec
2012-09-17 20:26 . 2012-09-17 20:26 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9128.tmp
2012-09-17 20:26 . 2012-09-17 20:26 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\9127.tmp
2012-09-16 00:37 . 2012-09-21 00:16 -------- d-----w- c:\users\OneSource\AppData\Roaming\Anvisoft
2012-09-16 00:37 . 2012-09-16 00:37 -------- d-----w- c:\programdata\Anvisoft
2012-09-16 00:37 . 2012-09-21 00:16 -------- d-----w- c:\program files (x86)\Anvisoft
2012-09-12 15:26 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 15:26 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 15:26 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 15:26 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 15:26 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 15:26 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 15:26 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-09 23:49 . 2012-09-09 23:49 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-08 04:06 . 2009-10-28 02:31 3982240 ----a-w- c:\windows\SysWow64\Flash10d.ocx
2012-09-08 04:06 . 2012-09-08 04:06 -------- d-----w- c:\program files (x86)\StreamTransport
2012-09-06 01:50 . 2011-08-27 17:19 905216 ----a-w- c:\windows\SysWow64\SaveTo.dll
2012-09-05 18:34 . 2012-09-05 18:33 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-05 18:34 . 2012-09-05 18:33 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-05 18:34 . 2012-09-05 18:33 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-05 18:34 . 2012-09-05 18:33 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-05 18:34 . 2012-09-05 18:33 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-05 18:34 . 2012-09-05 18:33 188904 ----a-w- c:\windows\system32\java.exe
2012-09-05 18:33 . 2012-09-05 18:33 -------- d-----w- c:\program files\Java
2012-08-28 02:17 . 2012-09-22 22:46 -------- d-----r- c:\users\OneSource\Dropbox
2012-08-28 02:09 . 2012-09-22 22:46 -------- d-----w- c:\users\OneSource\AppData\Roaming\Dropbox
2012-08-25 17:19 . 2012-09-22 23:11 -------- d-----w- c:\users\OneSource\AppData\Roaming\vlc
2012-08-25 17:14 . 2012-08-25 17:14 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-19 03:14 . 2012-07-09 10:06 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-19 03:14 . 2012-07-09 10:06 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-13 16:00 . 2012-07-16 05:03 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-07 19:36 . 2012-08-07 19:36 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2012-08-02 19:45 . 2012-07-09 09:36 56472 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-08-02 19:45 . 2012-07-09 09:36 25072 ----a-w- c:\windows\system32\smrgdf.exe
2012-08-02 18:27 . 2012-08-07 19:39 2154576 ----a-w- c:\windows\system32\Incinerator64.dll
2012-08-02 18:27 . 2012-07-09 09:44 2096360 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-08-02 18:21 . 2012-08-07 19:38 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2012-07-18 18:15 . 2012-08-16 00:22 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-16 04:59 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-07-16 04:59 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-07-14 15:41 . 2012-07-14 15:41 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-14 15:41 . 2012-07-14 15:41 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-07-14 15:41 . 2012-07-14 15:41 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-14 15:41 . 2012-07-14 15:41 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-07-14 15:41 . 2012-07-14 15:41 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-07-14 15:41 . 2012-07-14 15:41 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-07-14 15:41 . 2012-07-14 15:41 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-07-14 15:41 . 2012-07-14 15:41 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-07-14 15:41 . 2012-07-14 15:41 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-07-14 15:41 . 2012-07-14 15:41 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-07-14 15:41 . 2012-07-14 15:41 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-07-14 15:41 . 2012-07-14 15:41 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-07-14 15:41 . 2012-07-14 15:41 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-07-14 15:41 . 2012-07-14 15:41 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-07-14 15:41 . 2012-07-14 15:41 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-07-14 15:41 . 2012-07-14 15:41 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-07-14 15:41 . 2012-07-14 15:41 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-14 15:41 . 2012-07-14 15:41 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-14 15:41 . 2012-07-14 15:41 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-07-14 15:41 . 2012-07-14 15:41 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-07-14 15:41 . 2012-07-14 15:41 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-07-14 15:41 . 2012-07-14 15:41 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-07-14 15:41 . 2012-07-14 15:41 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-14 15:41 . 2012-07-14 15:41 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-07-14 15:41 . 2012-07-14 15:41 448512 ----a-w- c:\windows\system32\html.iec
2012-07-14 15:41 . 2012-07-14 15:41 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-07-14 15:41 . 2012-07-14 15:41 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-07-14 15:41 . 2012-07-14 15:41 222208 ----a-w- c:\windows\system32\msls31.dll
2012-07-14 15:41 . 2012-07-14 15:41 197120 ----a-w- c:\windows\system32\msrating.dll
2012-07-14 15:41 . 2012-07-14 15:41 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-07-14 15:41 . 2012-07-14 15:41 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-07-14 15:41 . 2012-07-14 15:41 149504 ----a-w- c:\windows\system32\occache.dll
2012-07-14 15:41 . 2012-07-14 15:41 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-07-14 15:41 . 2012-07-14 15:41 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-14 15:41 . 2012-07-14 15:41 12288 ----a-w- c:\windows\system32\mshta.exe
2012-07-14 15:41 . 2012-07-14 15:41 114176 ----a-w- c:\windows\system32\admparse.dll
2012-07-14 15:41 . 2012-07-14 15:41 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-14 15:41 . 2012-07-14 15:41 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-07-14 15:41 . 2012-07-14 15:41 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-07-14 15:41 . 2012-07-14 15:41 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-07-14 15:41 . 2012-07-14 15:41 82432 ----a-w- c:\windows\system32\icardie.dll
2012-07-14 15:41 . 2012-07-14 15:41 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-07-14 15:41 . 2012-07-14 15:41 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-07-14 15:41 . 2012-07-14 15:41 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-07-14 15:41 . 2012-07-14 15:41 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-07-14 15:41 . 2012-07-14 15:41 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-07-14 15:41 . 2012-07-14 15:41 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-07-14 15:41 . 2012-07-14 15:41 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-14 15:41 . 2012-07-14 15:41 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-07-14 15:41 . 2012-07-14 15:41 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-07-14 15:41 . 2012-07-14 15:41 160256 ----a-w- c:\windows\system32\wextract.exe
2012-07-14 15:41 . 2012-07-14 15:41 103936 ----a-w- c:\windows\system32\inseng.dll
2012-07-11 21:52 . 2012-07-11 21:52 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-09 09:35 . 2012-07-09 09:35 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
2012-07-09 09:29 . 2012-07-09 09:30 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-07-09 09:10 . 2012-07-09 09:10 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-07-09 09:10 . 2012-07-09 09:10 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-07-09 09:10 . 2012-07-09 09:10 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-07-09 09:10 . 2012-07-09 09:10 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-07-06 20:07 . 2012-08-16 16:11 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2012-07-04 22:16 . 2012-08-16 00:22 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-16 00:22 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-16 00:22 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-16 00:22 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-16 16:05 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-16 16:05 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-16 16:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-16 16:06 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-16 16:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-16 16:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-16 16:06 237056 ----a-w- c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-16 16:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-16 16:05 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-16 16:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-16 16:06 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-16 16:06 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-16 16:06 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-16 16:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-16 16:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-16 16:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-16 16:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 16:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 16:06 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 44544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2012-07-09 75048]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2012-02-14 96240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
.
c:\users\OneSource\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
Dropbox.lnk - c:\users\OneSource\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2012-8-24 484976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2012-02-14 23:26 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/09 02:31;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-04-27 232944]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 250288]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-07-09 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-07-09 79360]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 114144]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2009-09-21 315664]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-07-09 79360]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-13 1255736]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2012-02-14 2451440]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-11-12 23464]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-22 202752]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2012-05-25 173408]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2012-05-25 1496416]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-09-16 403456]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2010-01-11 155648]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-08-02 1027792]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-08-02 82160]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [2010-05-07 78848]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-02 80896]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-05-25 121184]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-05-25 119136]
S2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-05-25 180576]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-09-16 907264]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-01-22 6233088]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-01-22 161280]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2009-09-16 71168]
S3 bpmp;bpmp;c:\windows\system32\DRIVERS\bpmp.sys [2009-09-16 174592]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2009-09-16 81920]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-07-13 69736]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-10 270848]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 28048116
*NewlyCreated* - 29220591
*NewlyCreated* - ASWMBR
*Deregistered* - 28048116
*Deregistered* - 29220591
*Deregistered* - aswMBR
*Deregistered* - CLKMDRV10_9EC60124
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 03:06]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2110893426-1427874431-910128169-1000Core.job
- c:\users\OneSource\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 10:45]
.
2012-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2110893426-1427874431-910128169-1000UA.job
- c:\users\OneSource\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-09 10:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\OneSource\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-09-16 1437696]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2009-09-21 1926928]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-08-07 3179088]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-08-08 828416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: LastPass - file://c:\users\OneSource\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\OneSource\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Sothink Flash Downloader For IE - c:\program files (x86)\Common Files\SourceTec\SWF Catcher Special\InternetExplorer.htm
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\OneSource\AppData\Roaming\Mozilla\Firefox\Profiles\mt5a3zt2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE "%1"
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-FAStartup - (no file)
SafeBoot-28048116.sys
SafeBoot-AMP
SafeBoot-AMPSE
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-23 21:56:26
ComboFix-quarantined-files.txt 2012-09-24 04:56
.
Pre-Run: 313,782,071,296 bytes free
Post-Run: 313,705,517,056 bytes free
.
- - End Of File - - C7A3825323934E98ECE7DE787B148D8D

#15 gringo_pr


Posted 24 September 2012 - 12:08 AM

Greetings

We will remove everything later.

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

  • report from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
