FBI Moneypak infection...did I get it all?


  • This topic is locked
16 replies to this topic

#1 ricoval

  • Members
  • 9 posts

Posted 05 October 2012 - 03:54 PM

Howdy -

About 2 weeks ago I got the FBI Moneypak virus and an especially virulent version I think. Hit both user accounts on the laptop and wouldn't even allow me to boot into safe mode without freezing on its landing page. I finally got in by booting into safe w/ command line and was able to launch emsisoft. That unfroze everything and then I was able to run MBAM and SBSD. Coming up clean now and seems to be running fine, but given how nasty this thing was, I want to double check with the experts. Below is my DDS information. I'm 64bit so I didn't do GMER. Thanks in advance!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Russ at 16:38:21 on 2012-10-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.1454 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_278_ActiveX.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Russ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &??????? ? Microsoft Excel - C:\PROGRA~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{21B4392B-E228-4FFE-8303-A1DF505BC76F} : DhcpNameServer = 172.18.10.11 172.18.10.10 172.16.2.11 172.16.2.10
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15} : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\47F6E6375767 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\6594050234573747F6D65627027596D26496 : DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\77962756C6563737 : DhcpNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\C696E6B6379737 : DhcpNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Russ\AppData\Roaming\Mozilla\Firefox\Profiles\r2twt1k8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\windows\system32\drivers\McPvDrv.sys --> C:\windows\system32\drivers\McPvDrv.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 MOBKFilter;MOBKFilter;C:\windows\system32\DRIVERS\MOBK.sys --> C:\windows\system32\DRIVERS\MOBK.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-16 89600]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-16 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-6-7 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-6-7 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\windows\system32\mfevtps.exe" --> C:\windows\system32\mfevtps.exe [?]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-17 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-16 2656280]
R3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S2 0150731349003995mcinstcleanup;McAfee Application Installer Cleanup (0150731349003995);C:\windows\TEMP\015073~1.EXE -cleanup -nolog --> C:\windows\TEMP\015073~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-31 250288]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\system32\drivers\HipShieldK.sys --> C:\windows\system32\drivers\HipShieldK.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 114144]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-30 14:02:22 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-30 14:02:17 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 13:04:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-30 12:24:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-30 12:24:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-30 03:02:26 -------- d-----w- C:\Users\Russ\AppData\Roaming\Malwarebytes
2012-09-30 03:02:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-30 03:02:16 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-30 03:02:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 22:38:59 73096 ----a-w- C:\windows\System32\drivers\McPvDrv.sys
2012-09-29 22:38:31 196440 ----a-w- C:\windows\System32\drivers\HipShieldK.sys
2012-09-29 20:47:21 -------- d-sh--w- C:\found.000
2012-09-27 22:56:46 -------- d-----w- C:\Users\Russ\AppData\Roaming\Roaming
2012-09-26 05:55:03 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-22 07:01:01 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-22 07:01:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-09-22 07:01:00 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-09-22 07:01:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-09-22 07:01:00 140936 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-09-17 17:59:17 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-17 17:58:30 -------- d-----w- C:\Program Files\iPod
2012-09-17 17:58:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 17:58:13 -------- d-----w- C:\Program Files\iTunes
2012-09-12 09:33:27 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-09-12 09:33:27 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys
2012-09-12 09:33:24 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-09-12 09:33:24 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-09-12 09:33:21 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-09-12 09:33:21 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 09:33:21 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-09-11 11:55:51 212240 ----a-w- C:\windows\SysWow64\RICHTX32.OCX
2012-09-11 11:55:50 -------- d-----w- C:\Program Files (x86)\Kernel Outlook PST Viewer
2012-09-08 11:40:26 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-06 20:17:31 -------- d-----w- C:\Users\Russ\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2012-09-30 14:02:11 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-09-20 20:21:14 73136 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-20 20:21:14 696240 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-21 17:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-09 17:42:56 4547984 ----a-w- C:\windows\System32\usbaaplrc.dll
2012-07-09 17:42:54 52736 ----a-w- C:\windows\System32\drivers\usbaapl64.sys
.
============= FINISH: 16:39:14.35 ===============
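
Added example, not part of the original post and not DDS's own code: a small Python triage pass over DDS-format lines that lists autostart and service entries worth a manual look (empty commands, images under a Temp directory or a user profile's AppData, entries reported as No File). The function names and rule labels are hypothetical; the sample lines are copied from the log above, and a match is a prompt for review, not a verdict.

```python
import ntpath
import re

# Lines copied from the DDS log in the post above (a short excerpt, not the whole log).
SAMPLE_DDS = r"""
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [<NO NAME>]
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Russ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-6-7 237920]
S2 0150731349003995mcinstcleanup;McAfee Application Installer Cleanup (0150731349003995);C:\windows\TEMP\015073~1.EXE -cleanup -nolog --> C:\windows\TEMP\015073~1.EXE -cleanup -nolog [?]
BHO-X64: URLRedirectionBHO - No File
"""

# Line shapes used by the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections.
RUN_RE = re.compile(r"^[um]Run(?:-x64)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<lnk>.+?\.lnk) - (?P<cmd>.+)$", re.I)
SERVICE_RE = re.compile(r"^[RS][0-4] (?P<name>[^;]+);[^;]*;(?P<cmd>.+)$")
NOFILE_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?: (?P<name>.+?) - No File$")

# Helpers for pulling the executable out of a command line and judging its location.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|dll|sys|scr|bat|cmd|com))(?=\s|$)", re.I)
TEMP_RE = re.compile(r"\\te?mp\\", re.I)
PROFILE_RE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)


def image_path(cmd):
    """Return the executable path from a command line, dropping arguments."""
    cmd = cmd.split(" --> ")[0].strip()      # service lines repeat the path after -->
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = IMAGE_RE.match(cmd)                   # unquoted: cut at the first image extension
    return m.group(1) if m else cmd


def classify(path):
    """Label a path by location; None means nothing noteworthy about where it lives."""
    if TEMP_RE.search(path):
        return "temp-path"
    if PROFILE_RE.search(path):
        return "user-writable"
    return None


def triage(log_text):
    """Return (rule, entry name, detail) tuples for entries that merit a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NOFILE_RE.match(line)
        if m:
            findings.append(("missing-file", m["name"], "No File"))
            continue
        m = RUN_RE.match(line) or STARTUP_RE.match(line) or SERVICE_RE.match(line)
        if not m:
            continue
        groups = m.groupdict()
        name = groups["name"] if "name" in groups else ntpath.basename(groups["lnk"])
        cmd = groups["cmd"].strip()
        if not cmd:
            findings.append(("empty-command", name, ""))
            continue
        path = image_path(cmd)
        rule = classify(path)
        if rule:
            findings.append((rule, name, path))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_DDS):
        print(f"{rule:14} {name:32} {detail}")
```

Legitimate software appears in the output too (Dropbox installs under AppData, and the Temp-path service is labelled as a McAfee installer cleanup task), so each hit still needs to be checked against what is expected on the machine.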



#2 Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • Gender:Male
  • Location:USA

Posted 06 October 2012 - 12:03 PM

Hello Ricoval and welcome to BleepingComputer forums.

Please follow my guidance. If you have questions, please stop and ask.

Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode
then select Advanced Mode

On the left hand side, select Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Now Logoff & Restart your computer fresh.

NEXT:
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.
Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
Step 5
  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):
  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Edited by Maurice Naggar, 06 October 2012 - 12:06 PM.
disable Tea Timer

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#3 ricoval

  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:08 AM

Posted 06 October 2012 - 02:12 PM

Thanks for the rapid reply! Here is everything as requested.

# AdwCleaner v2.003 - Logfile created 10/06/2012 at 15:03:27
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Russ - RUSS-PC
# Boot Mode : Normal
# Running from : C:\Users\Russ\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\Russ\AppData\Roaming\Mozilla\Firefox\Profiles\r2twt1k8.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [690 octets] - [06/10/2012 15:03:27]



15:04:35.0530 1092 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
15:04:35.0811 1092 ============================================================
15:04:35.0811 1092 Current date / time: 2012/10/06 15:04:35.0811
15:04:35.0811 1092 SystemInfo:
15:04:35.0811 1092
15:04:35.0811 1092 OS Version: 6.1.7601 ServicePack: 1.0
15:04:35.0811 1092 Product type: Workstation
15:04:35.0811 1092 ComputerName: RUSS-PC
15:04:35.0811 1092 UserName: Russ
15:04:35.0811 1092 Windows directory: C:\windows
15:04:35.0811 1092 System windows directory: C:\windows
15:04:35.0811 1092 Running under WOW64
15:04:35.0811 1092 Processor architecture: Intel x64
15:04:35.0811 1092 Number of processors: 4
15:04:35.0811 1092 Page size: 0x1000
15:04:35.0811 1092 Boot type: Normal boot
15:04:35.0811 1092 ============================================================
15:04:36.0310 1092 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:04:36.0310 1092 ============================================================
15:04:36.0310 1092 \Device\Harddisk0\DR0:
15:04:36.0310 1092 MBR partitions:
15:04:36.0310 1092 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
15:04:36.0310 1092 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
15:04:36.0310 1092 ============================================================
15:04:36.0341 1092 C: <-> \Device\Harddisk0\DR0\Partition2
15:04:36.0341 1092 ============================================================
15:04:36.0341 1092 Initialize success
15:04:36.0341 1092 ============================================================
15:05:16.0979 7676 ============================================================
15:05:16.0979 7676 Scan started
15:05:16.0979 7676 Mode: Manual;
15:05:16.0979 7676 ============================================================
15:05:17.0135 7676 ================ Scan system memory ========================
15:05:17.0416 7676 System memory - ok
15:05:17.0416 7676 ================ Scan services =============================
15:05:26.0355 7676 MsRPC - ok
15:05:26.0355 7676 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
15:05:26.0355 7676 mssmbios - ok
15:05:26.0370 7676 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
15:05:26.0370 7676 MSTEE - ok
15:05:26.0386 7676 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
15:05:26.0386 7676 MTConfig - ok
15:05:26.0402 7676 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
15:05:26.0402 7676 Mup - ok
15:05:26.0433 7676 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
15:05:26.0433 7676 napagent - ok
15:05:26.0480 7676 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
15:05:26.0480 7676 NativeWifiP - ok
15:05:26.0542 7676 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
15:05:26.0542 7676 NDIS - ok
15:05:26.0573 7676 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
15:05:26.0573 7676 NdisCap - ok
15:05:26.0589 7676 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
15:05:26.0589 7676 NdisTapi - ok
15:05:26.0604 7676 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
15:05:26.0604 7676 Ndisuio - ok
15:05:26.0620 7676 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
15:05:26.0620 7676 NdisWan - ok
15:05:26.0620 7676 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
15:05:26.0620 7676 NDProxy - ok
15:05:26.0636 7676 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
15:05:26.0636 7676 NetBIOS - ok
15:05:26.0651 7676 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
15:05:26.0651 7676 NetBT - ok
15:05:26.0667 7676 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
15:05:26.0667 7676 Netlogon - ok
15:05:26.0714 7676 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
15:05:26.0714 7676 Netman - ok
15:05:26.0760 7676 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:05:26.0776 7676 NetMsmqActivator - ok
15:05:26.0792 7676 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:05:26.0792 7676 NetPipeActivator - ok
15:05:26.0823 7676 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
15:05:26.0823 7676 netprofm - ok
15:05:26.0838 7676 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:05:26.0838 7676 NetTcpActivator - ok
15:05:26.0838 7676 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:05:26.0838 7676 NetTcpPortSharing - ok
15:05:26.0854 7676 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
15:05:26.0854 7676 nfrd960 - ok
15:05:26.0885 7676 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
15:05:26.0885 7676 NlaSvc - ok
15:05:26.0994 7676 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
15:05:27.0010 7676 NOBU - ok
15:05:27.0057 7676 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
15:05:27.0057 7676 Npfs - ok
15:05:27.0088 7676 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
15:05:27.0088 7676 nsi - ok
15:05:27.0088 7676 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
15:05:27.0088 7676 nsiproxy - ok
15:05:27.0135 7676 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
15:05:27.0166 7676 Ntfs - ok
15:05:27.0182 7676 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
15:05:27.0182 7676 Null - ok
15:05:27.0213 7676 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
15:05:27.0213 7676 nvraid - ok
15:05:27.0228 7676 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
15:05:27.0228 7676 nvstor - ok
15:05:27.0228 7676 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
15:05:27.0228 7676 nv_agp - ok
15:05:27.0244 7676 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
15:05:27.0244 7676 ohci1394 - ok
15:05:27.0275 7676 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:05:27.0291 7676 ose - ok
15:05:27.0431 7676 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:05:27.0525 7676 osppsvc - ok
15:05:27.0556 7676 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
15:05:27.0556 7676 p2pimsvc - ok
15:05:27.0587 7676 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
15:05:27.0587 7676 p2psvc - ok
15:05:27.0603 7676 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
15:05:27.0603 7676 Parport - ok
15:05:27.0634 7676 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
15:05:27.0634 7676 partmgr - ok
15:05:27.0665 7676 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
15:05:27.0665 7676 PcaSvc - ok
15:05:27.0681 7676 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
15:05:27.0681 7676 pci - ok
15:05:27.0681 7676 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
15:05:27.0696 7676 pciide - ok
15:05:27.0712 7676 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
15:05:27.0712 7676 pcmcia - ok
15:05:27.0728 7676 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
15:05:27.0728 7676 pcw - ok
15:05:27.0759 7676 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
15:05:27.0759 7676 PEAUTH - ok
15:05:27.0852 7676 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
15:05:27.0868 7676 PerfHost - ok
15:05:27.0915 7676 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
15:05:27.0946 7676 pla - ok
15:05:27.0977 7676 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
15:05:27.0993 7676 PlugPlay - ok
15:05:27.0993 7676 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
15:05:27.0993 7676 PNRPAutoReg - ok
15:05:28.0024 7676 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
15:05:28.0024 7676 PNRPsvc - ok
15:05:28.0055 7676 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
15:05:28.0055 7676 PolicyAgent - ok
15:05:28.0071 7676 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
15:05:28.0087 7676 Power - ok
15:05:28.0118 7676 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
15:05:28.0118 7676 PptpMiniport - ok
15:05:28.0133 7676 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
15:05:28.0133 7676 Processor - ok
15:05:28.0180 7676 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
15:05:28.0180 7676 ProfSvc - ok
15:05:28.0196 7676 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
15:05:28.0196 7676 ProtectedStorage - ok
15:05:28.0227 7676 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
15:05:28.0227 7676 Psched - ok
15:05:28.0274 7676 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
15:05:28.0274 7676 PxHlpa64 - ok
15:05:28.0321 7676 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
15:05:28.0383 7676 ql2300 - ok
15:05:28.0383 7676 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
15:05:28.0383 7676 ql40xx - ok
15:05:28.0430 7676 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
15:05:28.0430 7676 QWAVE - ok
15:05:28.0445 7676 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
15:05:28.0445 7676 QWAVEdrv - ok
15:05:28.0461 7676 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
15:05:28.0461 7676 RasAcd - ok
15:05:28.0492 7676 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
15:05:28.0492 7676 RasAgileVpn - ok
15:05:28.0492 7676 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
15:05:28.0508 7676 RasAuto - ok
15:05:28.0523 7676 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
15:05:28.0523 7676 Rasl2tp - ok
15:05:28.0539 7676 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
15:05:28.0539 7676 RasMan - ok
15:05:28.0555 7676 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
15:05:28.0555 7676 RasPppoe - ok
15:05:28.0570 7676 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
15:05:28.0570 7676 RasSstp - ok
15:05:28.0601 7676 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
15:05:28.0601 7676 rdbss - ok
15:05:28.0617 7676 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
15:05:28.0617 7676 rdpbus - ok
15:05:28.0648 7676 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
15:05:28.0648 7676 RDPCDD - ok
15:05:28.0664 7676 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
15:05:28.0664 7676 RDPENCDD - ok
15:05:28.0679 7676 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
15:05:28.0679 7676 RDPREFMP - ok
15:05:28.0711 7676 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
15:05:28.0711 7676 RDPWD - ok
15:05:28.0726 7676 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
15:05:28.0726 7676 rdyboost - ok
15:05:28.0757 7676 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
15:05:28.0773 7676 RemoteAccess - ok
15:05:28.0789 7676 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
15:05:28.0804 7676 RemoteRegistry - ok
15:05:28.0820 7676 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
15:05:28.0820 7676 RFCOMM - ok
15:05:28.0867 7676 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
15:05:28.0867 7676 RimUsb - ok
15:05:28.0960 7676 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
15:05:28.0991 7676 RoxMediaDB12OEM - ok
15:05:29.0038 7676 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
15:05:29.0054 7676 RoxWatch12 - ok
15:05:29.0069 7676 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
15:05:29.0069 7676 RpcEptMapper - ok
15:05:29.0101 7676 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
15:05:29.0101 7676 RpcLocator - ok
15:05:29.0116 7676 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
15:05:29.0132 7676 RpcSs - ok
15:05:29.0163 7676 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
15:05:29.0163 7676 rspndr - ok
15:05:29.0210 7676 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
15:05:29.0210 7676 RSUSBSTOR - ok
15:05:29.0241 7676 [ E50CFB92986DCAB49DE93788FD695813 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
15:05:29.0241 7676 RTL8167 - ok
15:05:29.0257 7676 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
15:05:29.0257 7676 SamSs - ok
15:05:29.0288 7676 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
15:05:29.0288 7676 sbp2port - ok
15:05:29.0319 7676 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
15:05:29.0335 7676 SCardSvr - ok
15:05:29.0350 7676 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
15:05:29.0350 7676 scfilter - ok
15:05:29.0381 7676 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
15:05:29.0413 7676 Schedule - ok
15:05:29.0428 7676 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
15:05:29.0428 7676 SCPolicySvc - ok
15:05:29.0459 7676 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
15:05:29.0459 7676 SDRSVC - ok
15:05:29.0475 7676 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
15:05:29.0475 7676 secdrv - ok
15:05:29.0506 7676 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
15:05:29.0506 7676 seclogon - ok
15:05:29.0522 7676 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll
15:05:29.0522 7676 SENS - ok
15:05:29.0522 7676 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
15:05:29.0522 7676 SensrSvc - ok
15:05:29.0553 7676 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
15:05:29.0553 7676 Serenum - ok
15:05:29.0569 7676 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
15:05:29.0569 7676 Serial - ok
15:05:29.0584 7676 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
15:05:29.0584 7676 sermouse - ok
15:05:29.0615 7676 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
15:05:29.0615 7676 SessionEnv - ok
15:05:29.0615 7676 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
15:05:29.0615 7676 sffdisk - ok
15:05:29.0615 7676 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
15:05:29.0631 7676 sffp_mmc - ok
15:05:29.0631 7676 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
15:05:29.0631 7676 sffp_sd - ok
15:05:29.0631 7676 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
15:05:29.0631 7676 sfloppy - ok
15:05:29.0709 7676 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:05:29.0725 7676 SftService - ok
15:05:29.0756 7676 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
15:05:29.0756 7676 SharedAccess - ok
15:05:29.0771 7676 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
15:05:29.0787 7676 ShellHWDetection - ok
15:05:29.0787 7676 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
15:05:29.0787 7676 SiSRaid2 - ok
15:05:29.0803 7676 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
15:05:29.0803 7676 SiSRaid4 - ok
15:05:29.0818 7676 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
15:05:29.0818 7676 Smb - ok
15:05:29.0865 7676 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
15:05:29.0865 7676 SNMPTRAP - ok
15:05:29.0881 7676 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
15:05:29.0881 7676 spldr - ok
15:05:29.0912 7676 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
15:05:29.0927 7676 Spooler - ok
15:05:30.0005 7676 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
15:05:30.0021 7676 sppsvc - ok
15:05:30.0037 7676 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
15:05:30.0052 7676 sppuinotify - ok
15:05:30.0068 7676 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
15:05:30.0068 7676 srv - ok
15:05:30.0099 7676 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
15:05:30.0099 7676 srv2 - ok
15:05:30.0115 7676 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
15:05:30.0115 7676 srvnet - ok
15:05:30.0146 7676 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
15:05:30.0161 7676 SSDPSRV - ok
15:05:30.0161 7676 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
15:05:30.0161 7676 SstpSvc - ok
15:05:30.0208 7676 [ A6B2EC3A2B6AD7C3F7B2F3495CADE4C0 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
15:05:30.0208 7676 STacSV - ok
15:05:30.0224 7676 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
15:05:30.0224 7676 stexstor - ok
15:05:30.0271 7676 [ EBA98394A7D58F7552C52192BD8FA7E6 ] STHDA C:\windows\system32\DRIVERS\stwrt64.sys
15:05:30.0286 7676 STHDA - ok
15:05:30.0302 7676 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
15:05:30.0317 7676 stisvc - ok
15:05:30.0364 7676 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:05:30.0364 7676 stllssvr - ok
15:05:30.0364 7676 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
15:05:30.0380 7676 swenum - ok
15:05:30.0395 7676 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
15:05:30.0395 7676 swprv - ok
15:05:30.0442 7676 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
15:05:30.0489 7676 SysMain - ok
15:05:30.0505 7676 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
15:05:30.0505 7676 TabletInputService - ok
15:05:30.0520 7676 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
15:05:30.0536 7676 TapiSrv - ok
15:05:30.0551 7676 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
15:05:30.0551 7676 TBS - ok
15:05:30.0629 7676 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
15:05:30.0676 7676 Tcpip - ok
15:05:30.0723 7676 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
15:05:30.0739 7676 TCPIP6 - ok
15:05:30.0770 7676 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
15:05:30.0770 7676 tcpipreg - ok
15:05:30.0785 7676 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
15:05:30.0785 7676 TDPIPE - ok
15:05:30.0817 7676 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
15:05:30.0817 7676 TDTCP - ok
15:05:30.0832 7676 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
15:05:30.0832 7676 tdx - ok
15:05:30.0848 7676 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
15:05:30.0848 7676 TermDD - ok
15:05:30.0895 7676 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
15:05:30.0895 7676 TermService - ok
15:05:30.0910 7676 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
15:05:30.0926 7676 Themes - ok
15:05:30.0941 7676 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
15:05:30.0941 7676 THREADORDER - ok
15:05:30.0957 7676 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
15:05:30.0957 7676 TrkWks - ok
15:05:31.0004 7676 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
15:05:31.0004 7676 TrustedInstaller - ok
15:05:31.0019 7676 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
15:05:31.0019 7676 tssecsrv - ok
15:05:31.0051 7676 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
15:05:31.0051 7676 TsUsbFlt - ok
15:05:31.0066 7676 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
15:05:31.0066 7676 TsUsbGD - ok
15:05:31.0097 7676 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
15:05:31.0113 7676 tunnel - ok
15:05:31.0113 7676 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
15:05:31.0113 7676 uagp35 - ok
15:05:31.0144 7676 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
15:05:31.0144 7676 udfs - ok
15:05:31.0175 7676 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
15:05:31.0175 7676 UI0Detect - ok
15:05:31.0191 7676 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
15:05:31.0191 7676 uliagpkx - ok
15:05:31.0222 7676 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
15:05:31.0222 7676 umbus - ok
15:05:31.0222 7676 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
15:05:31.0222 7676 UmPass - ok
15:05:31.0363 7676 [ 7A78ED1088890114DFDE2C4AB038D6B6 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:05:31.0378 7676 UNS - ok
15:05:31.0409 7676 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
15:05:31.0409 7676 upnphost - ok
15:05:31.0456 7676 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
15:05:31.0456 7676 USBAAPL64 - ok
15:05:31.0487 7676 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
15:05:31.0487 7676 usbccgp - ok
15:05:31.0503 7676 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
15:05:31.0503 7676 usbcir - ok
15:05:31.0519 7676 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
15:05:31.0519 7676 usbehci - ok
15:05:31.0565 7676 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
15:05:31.0565 7676 usbhub - ok
15:05:31.0597 7676 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
15:05:31.0597 7676 usbohci - ok
15:05:31.0597 7676 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
15:05:31.0597 7676 usbprint - ok
15:05:31.0628 7676 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
15:05:31.0628 7676 usbscan - ok
15:05:31.0643 7676 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
15:05:31.0643 7676 USBSTOR - ok
15:05:31.0643 7676 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
15:05:31.0643 7676 usbuhci - ok
15:05:31.0675 7676 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
15:05:31.0675 7676 usbvideo - ok
15:05:31.0721 7676 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
15:05:31.0721 7676 UxSms - ok
15:05:31.0721 7676 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
15:05:31.0737 7676 VaultSvc - ok
15:05:31.0753 7676 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
15:05:31.0768 7676 vdrvroot - ok
15:05:31.0784 7676 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
15:05:31.0784 7676 vds - ok
15:05:31.0815 7676 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
15:05:31.0831 7676 vga - ok
15:05:31.0846 7676 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
15:05:31.0846 7676 VgaSave - ok
15:05:31.0846 7676 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
15:05:31.0846 7676 vhdmp - ok
15:05:31.0862 7676 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
15:05:31.0862 7676 viaide - ok
15:05:31.0893 7676 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
15:05:31.0893 7676 volmgr - ok
15:05:31.0924 7676 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
15:05:31.0924 7676 volmgrx - ok
15:05:31.0940 7676 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
15:05:31.0940 7676 volsnap - ok
15:05:31.0971 7676 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
15:05:31.0971 7676 vsmraid - ok
15:05:32.0018 7676 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
15:05:32.0033 7676 VSS - ok
15:05:32.0033 7676 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
15:05:32.0033 7676 vwifibus - ok
15:05:32.0065 7676 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
15:05:32.0065 7676 vwififlt - ok
15:05:32.0111 7676 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
15:05:32.0111 7676 W32Time - ok
15:05:32.0127 7676 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
15:05:32.0127 7676 WacomPen - ok
15:05:32.0158 7676 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
15:05:32.0158 7676 WANARP - ok
15:05:32.0158 7676 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
15:05:32.0158 7676 Wanarpv6 - ok
15:05:32.0221 7676 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
15:05:32.0252 7676 WatAdminSvc - ok
15:05:32.0299 7676 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
15:05:32.0330 7676 wbengine - ok
15:05:32.0345 7676 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
15:05:32.0345 7676 WbioSrvc - ok
15:05:32.0377 7676 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
15:05:32.0377 7676 wcncsvc - ok
15:05:32.0392 7676 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
15:05:32.0392 7676 WcsPlugInService - ok
15:05:32.0423 7676 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
15:05:32.0423 7676 Wd - ok
15:05:32.0455 7676 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\windows\system32\DRIVERS\wdcsam64.sys
15:05:32.0455 7676 WDC_SAM - ok
15:05:32.0486 7676 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
15:05:32.0501 7676 Wdf01000 - ok
15:05:32.0517 7676 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
15:05:32.0517 7676 WdiServiceHost - ok
15:05:32.0517 7676 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
15:05:32.0533 7676 WdiSystemHost - ok
15:05:32.0548 7676 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
15:05:32.0548 7676 WebClient - ok
15:05:32.0548 7676 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
15:05:32.0564 7676 Wecsvc - ok
15:05:32.0579 7676 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
15:05:32.0579 7676 wercplsupport - ok
15:05:32.0595 7676 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
15:05:32.0611 7676 WerSvc - ok
15:05:32.0626 7676 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
15:05:32.0626 7676 WfpLwf - ok
15:05:32.0673 7676 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\windows\system32\DRIVERS\wimfltr.sys
15:05:32.0673 7676 WimFltr - ok
15:05:32.0689 7676 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
15:05:32.0689 7676 WIMMount - ok
15:05:32.0704 7676 WinDefend - ok
15:05:32.0720 7676 WinHttpAutoProxySvc - ok
15:05:32.0782 7676 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
15:05:32.0782 7676 Winmgmt - ok
15:05:32.0829 7676 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
15:05:32.0876 7676 WinRM - ok
15:05:32.0938 7676 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
15:05:32.0938 7676 WinUsb - ok
15:05:32.0985 7676 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
15:05:32.0985 7676 Wlansvc - ok
15:05:33.0063 7676 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:05:33.0063 7676 wlcrasvc - ok
15:05:33.0157 7676 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:05:33.0203 7676 wlidsvc - ok
15:05:33.0281 7676 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
15:05:33.0297 7676 WmiAcpi - ok
15:05:33.0328 7676 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
15:05:33.0328 7676 wmiApSrv - ok
15:05:33.0359 7676 WMPNetworkSvc - ok
15:05:33.0375 7676 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
15:05:33.0391 7676 WPCSvc - ok
15:05:33.0406 7676 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
15:05:33.0406 7676 WPDBusEnum - ok
15:05:33.0422 7676 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
15:05:33.0422 7676 ws2ifsl - ok
15:05:33.0437 7676 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll
15:05:33.0437 7676 wscsvc - ok
15:05:33.0437 7676 WSearch - ok
15:05:33.0515 7676 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
15:05:33.0562 7676 wuauserv - ok
15:05:33.0578 7676 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
15:05:33.0578 7676 WudfPf - ok
15:05:33.0609 7676 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
15:05:33.0609 7676 WUDFRd - ok
15:05:33.0625 7676 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
15:05:33.0625 7676 wudfsvc - ok
15:05:33.0640 7676 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
15:05:33.0656 7676 WwanSvc - ok
15:05:33.0671 7676 ================ Scan global ===============================
15:05:33.0687 7676 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
15:05:33.0734 7676 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
15:05:33.0734 7676 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
15:05:33.0765 7676 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
15:05:33.0781 7676 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
15:05:33.0796 7676 [Global] - ok
15:05:33.0796 7676 ================ Scan MBR ==================================
15:05:33.0812 7676 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:05:34.0108 7676 \Device\Harddisk0\DR0 - ok
15:05:34.0108 7676 ================ Scan VBR ==================================
15:05:34.0108 7676 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
15:05:34.0108 7676 \Device\Harddisk0\DR0\Partition1 - ok
15:05:34.0124 7676 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
15:05:34.0124 7676 \Device\Harddisk0\DR0\Partition2 - ok
15:05:34.0139 7676 ============================================================
15:05:34.0139 7676 Scan finished
15:05:34.0139 7676 ============================================================
15:05:34.0139 7644 Detected object count: 0
15:05:34.0139 7644 Actual detected object count: 0


RogueKiller V8.1.1 [10/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Russ [Admin rights]
Mode : Scan -- Date : 10/06/2012 15:11:25

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[TASK][SUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent $(Arg0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPVT-75HXZT3 +++++
--- User ---
[MBR] b916e2daa5ffe3315d1b89691d85f1df
[BSP] 7e04598e79859857d95c55f885951935 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#4 Maurice Naggar

Posted 07 October 2012 - 01:16 PM

Please make sure you tell me (confirm) that you had run the Emsisoft utility before this, and if it had found nothing leftover.

The last 3 utility reports are good.


You will want to print out or copy these instructions to Notepad for offline reference!
These steps are for member Ricoval only. If you are a casual viewer, do NOT try this on your system!
If you are not Ricoval and have a similar problem, do NOT post here; start your own topic


Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
Close any of your open programs while you run these tools.

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.


Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.
A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.


A file will be created at => C:\Combofix.txt.

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart... then... I need for you to Restart the system fresh!

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, how is the system now?

Re-enable your antivirus program.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#5 ricoval

Posted 07 October 2012 - 04:16 PM

Thanks, Maurice. Emsisoft did remove the virus and showed clean. Just trying to triple check. Below is my combo log.

ComboFix 12-10-04.02 - Russ 10/07/2012 14:32:34.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.1648 [GMT -4:00]
Running from: c:\users\Russ\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll
c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll
c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll
c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll
c:\programdata\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll
c:\users\01RUS\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1094800813-1507345715-34216366-1004\034522de07a06fff2c9edbfe4cf9c71e_627c335e-dd9f-4a30-bf26-6e5515bd3dc0
c:\users\Russ\AppData\Roaming\Roaming
c:\users\Russ\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#buhlerak.com\settings.sol
c:\users\Russ\AppData\Roaming\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
.
.
((((((((((((((((((((((((( Files Created from 2012-09-07 to 2012-10-07 )))))))))))))))))))))))))))))))
.
.
2012-10-07 18:44 . 2012-10-07 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-07 18:44 . 2012-10-07 18:44 -------- d-----w- c:\users\01RUS\AppData\Local\temp
2012-10-06 18:51 . 2012-10-06 18:51 -------- d-----w- c:\program files (x86)\ERUNT
2012-09-30 14:04 . 2012-09-30 14:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-30 14:02 . 2012-09-30 14:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-30 14:02 . 2012-09-30 14:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 14:02 . 2012-09-30 14:02 -------- d-----w- c:\program files (x86)\Java
2012-09-30 13:04 . 2012-09-30 13:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-30 12:24 . 2012-09-30 13:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-30 12:24 . 2012-09-30 12:34 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-09-30 03:02 . 2012-09-30 03:02 -------- d-----w- c:\users\Russ\AppData\Roaming\Malwarebytes
2012-09-30 03:02 . 2012-09-30 03:02 -------- d-----w- c:\programdata\Malwarebytes
2012-09-30 03:02 . 2012-09-30 03:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-30 03:02 . 2012-09-07 21:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-29 22:38 . 2012-09-14 20:26 73096 ----a-w- c:\windows\system32\drivers\McPvDrv.sys
2012-09-29 22:38 . 2012-04-20 20:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-29 20:47 . 2012-09-29 20:47 -------- d-----w- C:\found.000
2012-09-26 05:55 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 07:01 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-09-22 07:01 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 07:01 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-09-22 07:01 . 2012-08-24 11:23 174216 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-09-22 07:01 . 2012-08-24 10:17 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-09-22 07:01 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2012-09-22 07:01 . 2012-08-24 06:48 194048 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2012-09-22 07:01 . 2012-08-24 06:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-09-17 17:59 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-17 17:58 . 2012-09-17 17:58 -------- d-----w- c:\program files\iPod
2012-09-17 17:58 . 2012-09-17 17:59 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 17:58 . 2012-09-17 17:59 -------- d-----w- c:\program files\iTunes
2012-09-12 09:33 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 09:33 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 09:33 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 09:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 09:33 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 09:33 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 09:33 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-11 11:55 . 2004-03-09 04:00 212240 ----a-w- c:\windows\SysWow64\RICHTX32.OCX
2012-09-11 11:55 . 2012-09-11 11:55 -------- d-----w- c:\program files (x86)\Kernel Outlook PST Viewer
2012-09-08 11:40 . 2012-09-08 11:40 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-30 14:02 . 2012-02-17 03:35 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-20 20:21 . 2012-06-01 00:59 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 20:21 . 2012-02-17 03:34 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-13 07:01 . 2012-05-22 11:18 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-21 17:01 . 2012-05-22 12:09 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-05-22 12:09 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-15 10:43 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-07-26 14:03 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-07-26 14:03 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-07-26 14:03 1014344 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-30 885760]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-07-26 1061960]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\Russ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2011-3-14 2125472]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-1-13 1138464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Russ\AppData\Local\Temp\Rar$EXa0.969\Run\a2ddax64.sys [x]
R2 0150731349003995mcinstcleanup;McAfee Application Installer Cleanup (0150731349003995);c:\windows\TEMP\015073~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-20 250288]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-05-22 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys [2012-09-14 73096]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-08-02 173056]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-08-18 349736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-08-18 39464]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 42901657
*Deregistered* - 42901657
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-01 20:21]
.
2012-08-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-08-23 05:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-07-26 13:56 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-07-26 13:56 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-07-26 13:56 1284168 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-30 2055016]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &??????? ? Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Russ\AppData\Roaming\Mozilla\Firefox\Profiles\r2twt1k8.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-07 15:06:13
ComboFix-quarantined-files.txt 2012-10-07 19:06
.
Pre-Run: 353,583,902,720 bytes free
Post-Run: 353,221,275,648 bytes free
.
- - End Of File - - D1B007A32C8728EEFDE3F7A1D9F5DFC0

#6 Maurice Naggar


Posted 08 October 2012 - 10:28 AM

Ok, next,

Download >> Farbar's Service Scanner utility << and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.


Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click the I accept & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

When all done, Re-Enable your antivirus program.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#7 ricoval


Posted 09 October 2012 - 04:22 AM

Logs as requested below. Continuing thanks...

Farbar Service Scanner Version: 07-10-2012
Ran by Russ (administrator) on 08-10-2012 at 19:59:59
Running from "C:\Users\Russ\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.278
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````



QuickScan 32-bit v0.9.9.118
---------------------------
Scan date: Tue Oct 09 05:18:50 2012
Machine ID: 7C4E86D4



No infection found.
-------------------



Processes
---------
accuweather 4128 C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
Adobe Acrobat Update Service 1516 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Adobe® Flash® Player Installer/Uninstal 7676 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
Audible Download Manager 3168 C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
Bluetooth Software 6488 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
Carbonite InfoCenter 6192 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
DataSafe Update Launcher 4144 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
Dell DataSafe Local Backup 3796 C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
Dell Digital Delivery Windows Service 6832 C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
Dropbox 5656 C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
Garmin Lifetime Updater 2368 C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
IAStorDataSvc 2816 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
IAStorIcon 3788 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
Intel® Active Management Technology L 4836 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
Intel® Management and Security Applic 1496 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
iTunes 6212 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Microsoft Development Environment 1960 C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
Microsoft Outlook 3076 C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft® Windows® Operating System 2012 C:\Windows\SysWOW64\rundll32.exe
Microsoft® Windows® Operating System 6880 C:\Windows\SysWOW64\rundll32.exe
MobileDeviceService 1600 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Roxio Burn 4628 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
Service Scheduling 3868 C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
SoftThinks Agent Service 2080 C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
Stage Remote Manager 1712 C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
Stage Remote Service 772 C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
TeaTimer.exe 4696 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Webcam Central 4884 C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
Windows® Internet Explorer 5584 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 7400 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 128 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 8064 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 8288 C:\Program Files (x86)\Internet Explorer\iexplore.exe


Network activity
----------------
Process Dropbox.exe (5656) connected on port 443 (HTTP over SSL) --> 23.23.228.221
Process Dropbox.exe (5656) connected on port 80 (HTTP) --> 199.47.217.147
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 23.15.9.176
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 98.139.240.22
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 65.242.27.31
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.123
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.123
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 23.15.9.170
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 23.15.9.170
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.120.140.24
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.60
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.60
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 23.13.159.139
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 23.13.159.139
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 72.21.81.253
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.122
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.122
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 66.235.142.57
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.14
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.14
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.58
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 74.125.228.58
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 173.194.75.103
Process iexplore.exe (8064) connected on port 80 (HTTP) --> 173.194.75.103

Process StageRemoteService.exe (772) listens on ports: 10008, 10018


Autoruns and critical files
---------------------------
accuweather C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
stage_primary C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Adobe® Flash® Player Update Service C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Alps Pointing-device Driver C:\Program Files\DellTPad\Apoint.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Audible Download Manager C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
Carbonite InfoCenter C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
CommonSDK c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
Dell DataSafe Online C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
Dropbox C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
Garmin Lifetime Updater C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
IDT PC Audio C:\Program Files\IDT\WDM\sttray64.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
McAfee SecurityCenter C:\Program Files\McAfee.com\Agent\mcagent.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
PC-Doctor for Windows C:\Program Files\Dell Support Center\uaclauncher.exe
Roxio Burn C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
Stage Remote Manager C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
Webcam Central C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Java Deployment Toolkit 7.0.70.11 C:\windows\SysWOW64\npDeployJava1.dll
Java™ Platform SE 7 U7 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
Java™ Platform SE 7 U7 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U7 c:\program files (x86)\java\jre7\bin\ssv.dll
McAfee SiteAdvisor c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll
McAfee SiteAdvisor C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\urlredir.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\windows\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\windows\system32\wshbth.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
npMcSnFFPl.dll c:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll
NPSWF32_11_4_402_287.dll C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll
Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
VLC Web Plugin C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll


Scan
----
MD5: 8a0c2996e5528619263abedd08115e8c c:\Program Files (x86)\Microsoft Office\Office14\OMSXP32.DLL
MD5: b0a84b6b79837bba2a7150fe07aeed3a C:\Program Files (x86)\Microsoft Office\Office14\ONBttnOL.dll
MD5: 52bac4dc039f5d00ad71d668d84c234a C:\Program Files (x86)\Microsoft Office\Office14\OUTLCTL.DLL
MD5: 5b97a4f154e1dbba1d47a6a26ff8d4b8 C:\Program Files (x86)\Microsoft Office\Office14\OUTLFLTR.DLL
MD5: 2873d3f9501a1406bcc8be6a0ee5a9d4 C:\Program Files (x86)\Microsoft Office\Office14\OUTLMIME.DLL
MD5: 391dda05d6299f09ff41b4339fb963ec C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
MD5: 7a046cfd5a8e150e42b8dcd9ad36f18c c:\Program Files (x86)\Microsoft Office\Office14\OUTLPH.DLL
MD5: 4e66a61484a136641a0339374976d256 c:\Program Files (x86)\Microsoft Office\Office14\OUTLRPC.DLL
MD5: fbf07f7833828bcd70e32c054c96417c c:\Program Files (x86)\Microsoft Office\Office14\RTFHTML.DLL
MD5: 97a59c059f2e63e9d6e00c92baf28d69 C:\Program Files (x86)\Microsoft Office\Office14\SHAREPOINTPROVIDER.DLL
MD5: 4622b6d3f72adb63ded8ad4f99f3ba0d C:\Program Files (x86)\Microsoft Office\Office14\SOCIALCONNECTOR.DLL
MD5: a5d08b86e8a437aa6deaf7a187bf6ca5 c:\program files (x86)\microsoft office\office14\urlredir.dll
MD5: 69f0de7620cbf347cfcf24d81de3118b C:\Program Files (x86)\Microsoft Office\Office14\wwlib.dll
MD5: 711a2e6a55ec7bfd59b5f649d58b704b C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
MD5: cb8af049ac9be419a77adae288673359 C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
MD5: 53e81c75b3c260c8fe9fd9ed4d8db8f0 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\AS_Storage_w32.dll
MD5: 4164a47f3a2da7ea44572904c3df44a4 C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MD5: 390679f7a217a5e73d756276c40ae887 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MD5: 1f8ffde82c52353906244afdc6baf2ab C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
MD5: ac421a44de902f2627f1e63793ed89cd C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe
MD5: e919bae431b9749274e64286e24be1e5 C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
MD5: c121367d21599367f2adb9c11b7babaa C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
MD5: 4dec9b5bedaa97b1ff6a3923e1c4f58a C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
MD5: 97c398750c8e80a48eb63999546f796e C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
MD5: 28ad5e311996a34025cfb07e131058dd C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 7e47c328fc4768cb8beafbcfafa70362 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: 18f489e4dea453f130423904968aebf6 C:\Program Files\Dell Support Center\uaclauncher.exe
MD5: 527ba8f96712ab5535a84b3ae15e66e3 C:\Program Files\DellTPad\Apoint.exe
MD5: a6b2ec3a2b6ad7c3f7b2f3495cade4c0 C:\Program Files\IDT\WDM\STacSV64.exe
MD5: d5a3eb5ed95e36b643e55f9f489fc8fc C:\Program Files\IDT\WDM\sttray64.exe
MD5: 6e50cfa46527b39015b750aad161c5cc C:\Program Files\iPod\bin\iPodService.exe
MD5: 459b0681b6ba1bc2dd4e38fbfe5b6816 C:\Program Files\McAfee.com\Agent\mcagent.exe
MD5: 52ff6b4b5f809d9726a4f39a3e693680 c:\Program Files\McAfee\MSK\mskoladd.dll
MD5: 1c345c6a3805bbff32a59c1f72ad0124 c:\Program Files\McAfee\MSK\MskSet.dll
MD5: be7c8c3f8fe52d8f7826e14cf11de949 C:\Program Files\McAfee\VirusScan\mcods.exe
MD5: 7e581b97f2009121d3160e724af2edf3 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
MD5: b7dea77ee893806859072274ee8ec8fc C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
MD5: 6a21bef3709eb0bf39c2b72028209cc9 C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll
MD5: 06c8fa1cf39de6a735b54d906ba791c6 C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 29c5375ce613b40eb4869c8b03fd1010 C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
MD5: 6d74290856347cf8682277a54b433d4b C:\Users\Russ\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
MD5: 368b2bee3f88bfb883d2c74a258de6f6 C:\windows\AppPatch\AcLayers.DLL
MD5: 6d7de520d8aa80a243347becd401eb54 C:\windows\AppPatch\AcWow64.DLL
MD5: 9120a105d9731059388233f25bb2a449 C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll
MD5: bc1328c46291545166c559a3e1a5fe94 C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\a9ed42b3b26abfc8ab65b302fdfdf8b7\IAStorDataMgr.ni.dll
MD5: 570c05328bc956dec08ace9f8068b728 C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\de7e025fe71f89fbee5f77be9d94dd0a\IAStorDataMgrSvc.ni.exe
MD5: 44a5ec14a6c3e60e34fb16b2d78c017c C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll
MD5: 1892cc03e372750b7186f95d7f955467 C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4b188f27b2bc873daf0cec8f642d0312\IsdiInterop.ni.dll
MD5: c2335d714efafffb4c7a3c164f2024b1 C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MD5: 777f34146cd4126a2b8d6f2342f57536 C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MD5: 40e60c0c6e4b9f4d9b8af2ede7a6a2e3 C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MD5: 02e185944cfa58dad47d409e5655fb28 C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MD5: dca0a2526c66c420cb02c7300f4016d9 C:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
MD5: 10307046e19c8ec964c792a798b32bb3 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MD5: 5f44b1a92e09e8803b0a10da6b1d15c9 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MD5: 3b919cbdde7ae3376ed296839846c3dd C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MD5: 0b1e1c64a030571fdf2b5500c0f77406 C:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
MD5: e4993a704aca876fc68e3fe2ef858e1e C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MD5: a490b22bd077d42e385581047801b6b2 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MD5: ee97ead5ac0b76dfc87e7cb1f21770d6 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
MD5: b8e8afdc913e6899d6c33955f142a750 C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
MD5: d3234ba93b73454d181020696f401ed2 C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
MD5: 17fadecb631ff8dbe735ba33409885c2 C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MD5: fab18e11587305bf8039ea6f8f731207 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MD5: bd23077cbad092a5ea5f77ed874f32a2 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MD5: 2291d1fabc087e43d4122cace1ca30f9 C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MD5: 26a68554f95a344b62e5771af598e0e8 C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MD5: 01d585c95a0e752effb11ea899b0e387 C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MD5: 8495229cb7e717879c8e6a22ef661d09 C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MD5: 3c8d2d5f8e2c9c520464089cbd7e1ada C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MD5: dd4d72a136d86f96c0b9129f0d8919d1 C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MD5: f51cc94b1e735bfe833cef0b02bf7f7a C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MD5: 1a161a7cdb211e5d078f2d39ce70ee43 C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MD5: b3961d83f37b9d7f36d52107aa121ba1 C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MD5: 548aacbd3ddd3a2fb4962dcc34d81eac C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\5a3beae8b211b91bfc620c029cf4c2d4\System.Security.ni.dll
MD5: 8fa6f55a960e5a2b6c30c33103cf8628 C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MD5: e0d4e9f3ca62ec9cfbfac077ab7d8e3d C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MD5: b862120e6265afcf322bc1322233dfe9 C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\4837a5c6204d53e7aa4f7dd94b98207c\System.Xml.Linq.ni.dll
MD5: cdec94c7c8e84fffdf53c108ba9ade99 C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MD5: 0d572d08224dc6f65e686a522dc1f4da C:\windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MD5: 54e0a1aabcdf2c84a30914702dce7d4f C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MD5: 56940b50ab0e5923822f47b0e4463885 C:\Windows\Downloaded Program Files\qsax.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\windows\ehome\ehRecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3 C:\windows\Explorer.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 7b46a076184b73aedc1a66a71d9131e8 C:\Windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: 75bcc4043512e41d83c8f224b168039c C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 4552f8f61a7975c2359d19673483604d C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: 972dcc74d4cdcb64086e7cfacbdb74cb C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll
MD5: ddfbfd8959f32ac0cf3947f36bac3081 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\wpfgfx_v0300.dll
MD5: 215ce077258cedd5be4c56e9d614db9f C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: 781bf72f57cc9e5f85cb109c24d00fdc C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: f5df6846f30e9f54ea60ccaeb3fb2055 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: 35ed37326421112206caabc025fdcdab C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 9383d302f0d95db0802308cf250727f3 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: f3b50eb9f4d015b49a3866e8625b0ff9 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: 773212b2aaa24c1e31f10246b15b276c C:\windows\servicing\TrustedInstaller.exe
MD5: 37ce7a79d901235504f9add99a7ac177 C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\windows\system32\apphelp.dll
MD5: 00d2c06a552f782c1f16acf77db765a5 C:\windows\system32\ATL100.DLL
MD5: c940f2f5c60b3727c5f18840735b229c C:\windows\system32\AUDIOSES.DLL
MD5: ad7b9c14083b52bc532fba5948342b98 C:\windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\windows\system32\credssp.dll
MD5: 1295338cfe6f249823ef9bc8d4368a84 C:\windows\system32\crypt32.dll
MD5: 6316957bb3431dfb06bffa98c0f1926e C:\windows\system32\cryptnet.dll
MD5: 06e771aa596b8761107ab57e99f128d7 C:\windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\windows\system32\cscapi.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\windows\system32\d3d10_1core.dll
MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\windows\system32\D3D10Warp.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\windows\system32\d3d9.dll
MD5: 284b59d7b56fc76c80e622ab856b1fab C:\windows\system32\DavClnt.DLL
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\windows\system32\dbghelp.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\windows\system32\dnsapi.DLL
MD5: 062373995eae5f0eac9eaa9192136bfb C:\windows\system32\dnssd.dll
MD5: a29d734f650f958424743be3baa052c8 C:\windows\system32\dwrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\windows\system32\dxgi.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\windows\system32\Explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\windows\system32\explorerframe.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\windows\System32\fwpuclnt.dll
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 C:\windows\system32\IEFRAME.dll
MD5: cc0713b192bf47a124168957acd75cc1 C:\windows\system32\IEUI.dll
MD5: 0dff557d796b6abfb28208c6680fb5c9 C:\windows\system32\igd10umd32.dll
MD5: 2c8f782cb58df73ab1952aa41879df76 C:\windows\system32\igdumd32.dll
MD5: 56fae4983a955b04216d1fe54fc7bad7 C:\windows\system32\igdumdx32.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\windows\system32\IMM32.DLL
MD5: ed27d1d75bf5e683ad3edd9e3123520a C:\windows\system32\INETCOMM.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\windows\system32\iphlpapi.DLL
MD5: 509d846fdf0c83158ed5970de751364c C:\windows\system32\jsproxy.dll
MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\windows\system32\LOGONCLI.DLL
MD5: 8bc9db92c4b2f3be89185beab2afc1f6 C:\windows\system32\MAPI32.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\windows\System32\MMDevApi.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\windows\system32\msasn1.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\windows\SYSTEM32\MSCOREE.DLL
MD5: 45fb05f743e626d9e239e52602cea041 C:\windows\system32\msctfui.dll
MD5: b350525d71b42cf9366af7443bba21e6 C:\windows\system32\msdrm.dll
MD5: bb197f54a8f69eea8356b7f70e6d3a20 C:\windows\system32\MSHTML.dll
MD5: a6c29db53eca94fa8591c5388d604b82 C:\windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\windows\system32\msls31.dll
MD5: e3c817f7fe44cc870ecdbcbc3ea36132 C:\windows\system32\MSVCP100.dll
MD5: bf38660a9125935658cfa3e53fdc7d65 C:\windows\system32\MSVCR100.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\windows\system32\mswsock.dll
MD5: 1cdea9188899e76d4ffd54c9d512ccdb C:\windows\System32\msxml3.dll
MD5: d9a9702e43a5859896f34898d5fd3fec C:\windows\System32\msxml6.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\windows\System32\NaturalLanguage6.dll
MD5: 591fe0a6ceb19bf886ceb1331f591940 C:\windows\system32\ncrypt.dll
MD5: 2fca0d2c59a855c54bafa22aa329df0f C:\windows\system32\NETAPI32.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\windows\system32\netutils.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\windows\System32\nlaapi.dll
MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\windows\system32\ntshrui.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\windows\system32\OLEACC.dll
MD5: 90fb1802d488ffa9029854a77d4f3f27 C:\windows\system32\oleaccrc.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\windows\system32\provsvc.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\windows\system32\samcli.dll
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\windows\system32\SearchIndexer.exe
MD5: f93674263f6b07c77956e966953242d9 C:\windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\windows\system32\sessenv.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\windows\System32\shsvcs.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\windows\system32\srvcli.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\windows\System32\tapisrv.dll
MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\windows\system32\tquery.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\windows\System32\wcncsvc.dll
MD5: a9d880f97530d5b8fee278923349929d C:\windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\windows\system32\webio.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\windows\system32\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\windows\system32\wkscli.dll
MD5: ac122407b29378ff9646f03404ac7c54 C:\windows\system32\wshbth.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\windows\system32\xmllite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\windows\syswow64\comdlg32.dll
MD5: 1295338cfe6f249823ef9bc8d4368a84 C:\windows\syswow64\CRYPT32.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\windows\syswow64\DEVOBJ.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: 0ba3f31e2b4d8d99df8dd19e81155374 C:\Windows\SysWOW64\ieframe.dll
MD5: eb8a00e8e9931a7ec04f920b09d880d8 C:\windows\syswow64\iertutil.dll
MD5: b2db6aba2e292235749b80a9c3dfa867 C:\windows\syswow64\imagehlp.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\windows\syswow64\IMM32.dll
MD5: 394373142655accf49d64aad466c86ff C:\windows\SysWow64\JScript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\windows\syswow64\KERNELBASE.dll
MD5: 8b1e277f554228a84126402bbbdc32f4 C:\windows\SysWOW64\Macromed\Flash\Flash32_11_4_402_287.ocx
MD5: 44c00a385ca9dbc1d5cf3781f8c26aea C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: 3c78c05f434e26c01a41d702a30951b9 C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.dll
MD5: 8709c95e4ec55378d5bf27f02b0ed5a5 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
MD5: e7bc792810ec02dd1f7ed25d830e9324 C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\windows\syswow64\MSASN1.dll
MD5: bb197f54a8f69eea8356b7f70e6d3a20 C:\Windows\SysWOW64\mshtml.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\windows\syswow64\msvcrt.dll
MD5: ab87c54ca19675880b0cae65b8af140c C:\windows\SysWOW64\npDeployJava1.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\windows\SysWOW64\ntdll.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\windows\syswow64\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\windows\syswow64\OLEAUT32.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\windows\syswow64\RPCRT4.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\windows\SysWOW64\RpcRtRemote.dll
MD5: 3d3cbd1847f980fb03343a63671e7886 C:\windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\windows\syswow64\SETUPAPI.dll
MD5: 29e9794708df51db5dc89fb2e903a0f6 C:\windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\windows\syswow64\SHLWAPI.dll
MD5: eda7ad21df8945528f01f0a86d69e524 C:\windows\syswow64\SspiCli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\windows\SysWOW64\SXS.DLL
MD5: 9fac0f6d5f3d922db294e30cd3f62369 C:\windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\windows\syswow64\USER32.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\windows\SysWOW64\USERENV.dll
MD5: cc19a4ae696c2191e965a9835f1e6399 C:\windows\syswow64\USP10.dll
MD5: 5553611e2f9ea6f613079177f1233068 C:\windows\syswow64\WININET.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\SysWOW64\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\windows\SysWOW64\WINSPOOL.DRV
MD5: a7d79e9f660340ab20cd73f12910985f C:\windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\windows\syswow64\WLDAP32.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\windows\syswow64\WS2_32.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: d34a527493f39af4491b3e909dc697ca C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\Comctl32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MD5: 7717f84f483002815490033bf069dabd C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 1.33 KB recvd
Scanned 573 files and modules - 56 seconds

==============================================================================

#8 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:08 AM

Posted 09 October 2012 - 10:37 AM

Hello Ricoval,

Those results are good.
I suggest a full scan with MBAM --- it may take an hour or two, but well worth the investment.


Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.
Tell me, how is the system?

Re-enable your antivirus program.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#9 ricoval

Posted 10 October 2012 - 06:27 AM

Thanks. Looks clean?

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Russ :: RUSS-PC [administrator]

10/10/2012 6:27:05 AM
mbam-log-2012-10-10 (06-27-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363941
Time elapsed: 34 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 Maurice Naggar

Posted 11 October 2012 - 11:10 AM

Very excellent result from MBAM.

Q: Have you seen any sign of the ransomware lately?

Please make a fresh run of the DDS tool, and copy & paste the new DDS.txt inside a new reply.

also

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#11 ricoval

Posted 12 October 2012 - 04:00 PM

No issues since the infection, but given how nasty it was I just wanted to double check.

Here's DDS. Looks clean? A little weird though as the scan only ran for 5 minutes and it's showing much longer below?

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.10.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Russ :: RUSS-PC [administrator]

10/10/2012 6:27:05 AM
mbam-log-2012-10-10 (06-27-05).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 363941
Time elapsed: 34 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 ricoval

Posted 12 October 2012 - 04:03 PM

Sorry, pasted wrong thing from cache!

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.0.1400
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
McAfee Online Backup MOBKbackup.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#13 Maurice Naggar

Posted 13 October 2012 - 01:37 PM

The MBAM log is fine, but not the one I was looking for.
The Checkup.txt log is fine.

I need new DDS logs.


Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com
or http://download.bleepingcomputer.com/sUBs/dds.scr or
http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.
Then double click dds.scr to run the tool.
DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
      • DDS.txt
      • Attach.txt
  • Save both reports to your desktop.
Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt

~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)

#14 ricoval

Posted 13 October 2012 - 01:54 PM

Sorry, as requested

DDS (Ver_2012-10-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Russ at 14:52:24 on 2012-10-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4004.1456 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\windows\SysWOW64\RunDll32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Russ\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Russ\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AUDIBL~1.LNK - C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &??????? ? Microsoft Excel - <no file>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 10.0.1.1
TCP: Interfaces\{21B4392B-E228-4FFE-8303-A1DF505BC76F} : DHCPNameServer = 172.18.10.11 172.18.10.10 172.16.2.11 172.16.2.10
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15} : DHCPNameServer = 10.0.1.1
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\47F6E6375767 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\6594050234573747F6D65627027596D26496 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\77962756C6563737 : DHCPNameServer = 4.2.2.1 4.2.2.2
TCP: Interfaces\{FFA6F13E-08CB-464C-95C2-8DBD1C281B15}\C696E6B6379737 : DHCPNameServer = 66.189.0.100 24.159.64.23 24.247.24.53
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Russ\AppData\Roaming\Mozilla\Firefox\Profiles\r2twt1k8.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 McPvDrv;McPvDrv Driver;C:\windows\System32\drivers\McPvDrv.sys [2012-9-29 73096]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 752672]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-6-7 335784]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-2-16 55856]
R1 MOBKFilter;MOBKFilter;C:\windows\System32\drivers\MOBK.sys [2012-6-7 66040]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-2-16 89600]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173568]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-2-16 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-9-12 200728]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-6-7 237920]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-6-7 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-2-16 177144]
R2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-4-13 231224]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-2-17 1692480]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-16 2656280]
R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2012-2-16 349736]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2012-2-16 39464]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-6-7 69672]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2012-2-16 176096]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-17 317440]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2012-2-16 56344]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-6-7 300392]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-6-7 513456]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-16 533096]
S2 0150731349003995mcinstcleanup;McAfee Application Installer Cleanup (0150731349003995);C:\windows\TEMP\015073~1.EXE -cleanup -nolog --> C:\windows\TEMP\015073~1.EXE -cleanup -nolog [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-31 250808]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-9-29 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2012-6-7 106112]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 114144]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-17 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-5-22 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-10-13 07:27:45 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2012-10-10 09:39:42 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-10-10 09:39:42 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-10-10 09:39:27 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-10-10 09:39:27 2048 ----a-w- C:\windows\System32\tzres.dll
2012-10-10 09:38:56 715776 ----a-w- C:\windows\System32\kerberos.dll
2012-10-10 09:38:56 542208 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-10-10 09:38:49 1464320 ----a-w- C:\windows\System32\crypt32.dll
2012-10-10 09:38:48 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-10-10 09:38:48 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-10-10 09:38:48 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-10-10 09:38:47 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-10-10 09:38:47 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-10-09 09:18:47 -------- d-----w- C:\Users\Russ\AppData\Roaming\QuickScan
2012-10-09 00:11:58 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-07 18:31:03 98816 ----a-w- C:\windows\sed.exe
2012-10-07 18:31:03 256000 ----a-w- C:\windows\PEV.exe
2012-10-07 18:31:03 208896 ----a-w- C:\windows\MBR.exe
2012-10-07 18:31:00 -------- d-----w- C:\ComboFix
2012-09-30 14:02:22 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-09-30 14:02:17 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-30 13:04:11 -------- d-----w- C:\TDSSKiller_Quarantine
2012-09-30 12:24:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-09-30 12:24:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-09-30 03:02:26 -------- d-----w- C:\Users\Russ\AppData\Roaming\Malwarebytes
2012-09-30 03:02:17 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-30 03:02:16 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-09-30 03:02:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-29 22:38:59 73096 ----a-w- C:\windows\System32\drivers\McPvDrv.sys
2012-09-29 22:38:31 196440 ----a-w- C:\windows\System32\drivers\HipShieldK.sys
2012-09-29 20:47:21 -------- d-----w- C:\found.000
2012-09-26 05:55:03 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-09-22 07:01:01 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-09-22 07:01:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-09-22 07:01:00 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-09-22 07:01:00 304640 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 194048 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2012-09-22 07:01:00 174216 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2012-09-22 07:01:00 140936 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2012-09-17 17:59:17 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-09-17 17:58:30 -------- d-----w- C:\Program Files\iPod
2012-09-17 17:58:13 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-17 17:58:13 -------- d-----w- C:\Program Files\iTunes
.
==================== Find3M ====================
.
2012-10-09 00:21:25 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 00:21:25 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 14:02:11 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 17:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2012-07-18 18:15:06 3148800 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 14:52:40.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/15/2012 3:54:50 PM
System Uptime: 10/13/2012 3:42:29 AM (11 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 324.435 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: A2 Direct Disk Access Support Driver
Device ID: ROOT\LEGACY_A2DDA\0000
Manufacturer:
Name: A2 Direct Disk Access Support Driver
PNP Device ID: ROOT\LEGACY_A2DDA\0000
Service: A2DDA
.
==== System Restore Points ===================
.
RP48: 10/5/2012 12:14:49 PM - Scheduled Checkpoint
RP49: 10/7/2012 2:31:07 PM - ComboFix created restore point
RP50: 10/13/2012 3:01:10 AM - Windows Update
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) MUI
Advanced Audio FX Engine
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
Banctec Service Agreement
Blio
Bonjour
Carbonite
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Edoc Viewer
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell Stage Remote
Dell Support Center
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
Dropbox
DW WLAN Card
ERUNT 1.1j
Garmin Lifetime Updater
IDT Audio
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 7 Update 1 (64-bit)
Junk Mail filter update
Kernel Outlook PST Viewer ver 11.05.01
Logitech Harmony Remote Software 7
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee Online Backup
McAfee Total Protection
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OverDrive Media Console
PhotoShowExpress
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
Quicken 2010
Quickset64
RBVirtualFolder64Inst
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Remote Control USB Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shared C Run-time for x64
Sonic CinePlayer Decoder Pack
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VLC media player 2.0.1
WIDCOMM Bluetooth Software
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
10/8/2012 8:10:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcmscsvc service.
10/8/2012 8:10:49 PM, Error: Service Control Manager [7043] - The McAfee McShield service did not shut down properly after receiving a preshutdown control.
10/8/2012 8:10:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McMPFSvc service.
10/8/2012 8:10:00 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
10/8/2012 8:09:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McAfee SiteAdvisor Service service.
10/7/2012 5:21:21 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
10/7/2012 2:45:09 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/7/2012 2:39:23 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
10/6/2012 2:39:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CarboniteService service.
10/6/2012 2:28:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
10/6/2012 2:28:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNaiAnn service.
10/13/2012 5:31:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
10/13/2012 3:27:32 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
10/12/2012 4:52:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.
10/12/2012 4:51:00 PM, Error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
10/10/2012 4:24:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McODS service.
.
==== End Of File ===========================

#15 Maurice Naggar

Maurice Naggar

    Eradicator de malware


  • Malware Response Team
  • 1,088 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:03:08 AM

Posted 14 October 2012 - 11:35 AM

Hello,

You need to Uninstall an old & outdated Java version: Java 7 Update 1

We can wrap this up now. I see that you are clear of your original issues.
If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix),
put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Russ\Desktop\ComboFix.exe /uninstall
  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

If the Combofix uninstall has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:
RogueKiller.exe
TDSSKILLER.exe
adwcleaner.exe
FSS.exe
SecurityCheck.exe

Use Control Panel >> Programs and Features & Uninstall BitDefender Quickscan

Safer practices & malware prevention
We are finished here. Best regards.
~Maurice Naggar
MS-MVP (Oct 2002 - Sept 2010)
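
The check behind the "old & outdated Java version" remark above can be run against the "Installed Programs" section of a DDS attach log. This is an added example, not part of the original post or of DDS; the function names are hypothetical, and it assumes entries without a "(64-bit)" tag are 32-bit runtimes and that anything older than the newest installed runtime should be flagged.

```python
import re

# Constructed sample: lines copied from the "Installed Programs" section
# of the DDS attach log earlier in this thread.
SAMPLE_PROGRAMS = """\
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 7 Update 1 (64-bit)
Junk Mail filter update
"""

# Matches "Java 7 Update 7", "Java™ 7 Update 1 (64-bit)", "Java(TM) 6 Update 31".
# "Java Auto Updater" and similar helper entries do not match.
JAVA_RE = re.compile(
    r"^Java(?:™|\(TM\))?\s+(?P<major>\d+)\s+Update\s+(?P<update>\d+)"
    r"(?:\s+\((?P<bits>64)-bit\))?\s*$"
)


def parse_java_entries(text):
    """Return (major, update, arch, original_line) for each Java runtime line."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = JAVA_RE.match(line)
        if m:
            # Assumption: an entry with no "(64-bit)" tag is a 32-bit runtime.
            arch = "x64" if m.group("bits") else "x86"
            entries.append((int(m.group("major")), int(m.group("update")), arch, line))
    return entries


def outdated_java(text):
    """List Java entries older than the newest (major, update) installed.

    Assumption of this example: both architectures are compared together,
    because an old runtime of either kind stays installed beside the new one.
    """
    entries = parse_java_entries(text)
    if not entries:
        return []
    newest = max((major, update) for major, update, _, _ in entries)
    return [line for major, update, _, line in entries if (major, update) < newest]


if __name__ == "__main__":
    for entry in outdated_java(SAMPLE_PROGRAMS):
        print("outdated Java runtime still installed:", entry)
```

The newest entry in the list is only the newest one installed, so it still has to be compared against the vendor's current release.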



