
Possible infection with Trojan:win64/sirefef.W


  • This topic is locked
27 replies to this topic

#1 Deeply_confused

Deeply_confused

  • Members
  • 17 posts

Posted 16 January 2013 - 03:36 AM

Hello. I am not sure what's going on with my laptop, but I'm quite certain that I might have viruses/trojans or something. I have done a full scan with Malwarebytes Antimalware 1.70 but no malware was detected. Significant and rather annoying computer problems include: being unable to log in to one of my Yahoo emails (i.e. it redirects to edit.yahoo.com and asks for a code, and when I tried 2 of my other Yahoo emails, everything worked normally without redirection or asking for a code, etc.), random characters showing up in my Notepad file and sometimes on websites, Google Chrome and computer processing being considerably slow, and sometimes I can't find the whole page on websites, especially on Facebook, which seems to be unable to load the page properly and needs to be refreshed. Oh, and the one I find the most odd is that I can't even rename my own folder in my Documents folder; that's very scary.

I have also read the thread forums from http://www.bleepingcomputer.com/forums/topic456344.html and http://www.bleepingcomputer.com/forums/topic464267.html

The forums above have symptoms similar to my laptop's, which is why I suspect Trojan:win64/sirefef.W. Please help me, I'm totally confused and I don't even know how I got this trojan. Any help would be appreciated. Thank you.

Edited by Deeply_confused, 16 January 2013 - 03:44 AM.




#2 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 17 January 2013 - 10:04 AM

Welcome to BleepingComputer.


My name is Matthias and I'll help you with the cleanup of your computer.


Please be aware of the following:
  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. Formatting is usually faster and always the safest way.
  • If you decide to clean your PC, work with us until a team member tells you that you are clean.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.





Step 1
Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif
  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of those logfiles with your next answer.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE





Step 2
Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.





Step 3
Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror which will download a randomly named file
  • Zipped Mirror - Unzip the file to its own folder such as C:\gmer
  • Disconnect from the Internet and close all running programs
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check in the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning





What you should post with your next answer:
  • both logfiles from DDS,
  • the logfile from GMER.

Regards,
M-K-D-B

#3 Deeply_confused

Deeply_confused
  • Topic Starter

  • Members
  • 17 posts

Posted 17 January 2013 - 10:18 PM

Hi Matthias,

Thank you for your help. You want both DDS.txt and attach.txt, right? When I opened DDS.com, it automatically ticked both options, dds.txt and attach.txt. So here are the logfiles from DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19393
Run by Yaya at 16:11:11 on 2013-01-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.777 [GMT 13:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by Dell
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\19.9.0.9\ips\ipsbho.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\19.9.0.9\coieplg.dll
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [(default)] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\setpoint.lnk - c:\program files\setpoint\SetPoint.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - <no file>
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4ADCE050-274D-4518-8282-259B9B6BD40E} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1309000.009\symds.sys [2012-10-2 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1309000.009\symefa.sys [2012-10-2 924320]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\bashdefs\20130111.001\BHDrvx86.sys [2013-1-16 995488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1309000.009\ccsetx86.sys [2012-10-2 132768]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.6.2.10\definitions\ipsdefs\20130116.002\IDSvix86.sys [2013-1-17 386720]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1309000.009\ironx86.sys [2012-10-2 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1309000.009\symtdiv.sys [2012-10-2 345208]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-6-7 73728]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-10 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-31 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-31 682344]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.9.0.9\ccsvchst.exe [2012-10-2 138272]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2012-6-27 1326176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-9 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-31 21104]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2011-12-17 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2012-6-27 681056]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 IdcPHid;IdeaCom HID Touch Screen Driver (PS/2);c:\windows\system32\drivers\idcphid.sys [2008-12-11 16256]
S3 IpwP;IPWireless 3G Network Adapter;c:\windows\system32\drivers\ipw3gnet.sys [2008-6-19 51040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-16 00:14:21 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef064cd5-f06e-4953-8710-420df812e2a5}\offreg.dll
2013-01-15 23:53:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-15 23:43:55 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{ef064cd5-f06e-4953-8710-420df812e2a5}\mpengine.dll
2013-01-10 01:19:22 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 01:17:44 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 01:17:42 1400832 ----a-w- c:\windows\system32\msxml6.dll
2012-12-22 23:30:10 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 23:30:10 293376 ----a-w- c:\windows\system32\atmfd.dll
.
==================== Find3M ====================
.
2013-01-11 00:37:01 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-11 00:37:01 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 03:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 10:42:46 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36:43 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36:28 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36:28 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01:43 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13:56 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-24 14:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-24 14:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 16:11:25.97 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/7/2008 6:07:12 AM
System Uptime: 1/18/2013 1:26:45 PM (3 hours ago)
.
Motherboard: Dell Inc. | | 0KY768
Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz | Microprocessor | 1833/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 154.818 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.561 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Advanced Audio FX Engine
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
Browser Address Error Redirector
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Driver Download Manager
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Digital Line Detect
EDocs
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PROSet/Wireless Software
iTunes
KhalSetup
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes Anti-Malware version 1.70.0.1100
mCore
MediaDirect
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
mMHouse
Modem Diagnostic Tool
mPfMgr
mWMI
NetWaiting
Norton Internet Security
NVIDIA Drivers
OGA Notifier 2.0.0048.0
ooVoo
OutlookAddinSetup
QuickSet
QuickTime
Revo Uninstaller 1.94
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Secunia PSI (3.0.0.2004)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SetPoint
SigmaTel Audio
Skype Click to Call
Skype™ 6.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WIDCOMM Bluetooth Software 6.0.1.3100
.
==== End Of File ===========================

#4 Deeply_confused

Deeply_confused
  • Topic Starter

  • Members
  • 17 posts

Posted 17 January 2013 - 10:37 PM

Matthias, I downloaded DeFogger as per your instructions for Step 2, but after clicking the Disable button, Yes to continue, the 'Finished' message and the OK button, DeFogger didn't ask me to reboot the machine. It went back to the application window where it asked me to click the Disable button for DeFogger, so I closed the application window since I wasn't sure what to do and I didn't want to press the Disable button twice without your instruction. Please tell me what I should do next. Thank you.

Edited by Deeply_confused, 17 January 2013 - 10:39 PM.


#5 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 18 January 2013 - 10:54 AM

Hi Deeply_confused,

please run GMER as posted in my last answer and add the logfile here. :)

Edited by M-K-D-B, 18 January 2013 - 10:54 AM.

Regards,
M-K-D-B

#6 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 21 January 2013 - 10:54 AM

Hi,


do you still need help with your computer?
If you don't respond within the next 48 hours, your topic will be closed.
Regards,
M-K-D-B

#7 Deeply_confused

Deeply_confused
  • Topic Starter

  • Members
  • 17 posts

Posted 22 January 2013 - 01:37 AM

Hi MKDB,

Sorry for the delay. I was just having trouble downloading from the GMER links you provided above, as both links failed to show in Chrome. So I went to gmer.net and I'm assuming that you want to download the latest version, which is GMER 2.0.18444, is that right? OK, I will run GMER and post the log files after this.

I have run GMER several times; it restarted after an unexpected shutdown on the first try, and the several other tries were attempted because I couldn't find the GMER log files. So I finally figured out that I had to physically copy and paste the log, so please let me know if the GMER log below is what you expected to find. Thanks.

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-22 20:21:47
Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 232.89GB
Running: bghx3ce1.exe; Driver: C:\Users\Yaya\AppData\Local\Temp\pxldrpow.sys


---- System - GMER 2.0 ----

SSDT 9231BFD0 ZwAlertResumeThread
SSDT 922F1830 ZwAlertThread
SSDT 922F1200 ZwAllocateVirtualMemory
SSDT 922491E0 ZwAlpcConnectPort
SSDT 9231B778 ZwAssignProcessToJobObject
SSDT 9231BD20 ZwCreateMutant
SSDT 9231B498 ZwCreateSymbolicLinkObject
SSDT 92306B78 ZwCreateThread
SSDT 9231B858 ZwDebugActiveProcess
SSDT 922F1390 ZwDuplicateObject
SSDT 922F1F60 ZwFreeVirtualMemory
SSDT 9231BE10 ZwImpersonateAnonymousToken
SSDT 9231BEF0 ZwImpersonateThread
SSDT 92249168 ZwLoadDriver
SSDT 922F1E60 ZwMapViewOfSection
SSDT 9231BC40 ZwOpenEvent
SSDT 922F1530 ZwOpenProcess
SSDT 922F12D0 ZwOpenProcessToken
SSDT 9231BA80 ZwOpenSection
SSDT 922F1460 ZwOpenThread
SSDT 9231B688 ZwProtectVirtualMemory
SSDT 922F1910 ZwResumeThread
SSDT 922F1BB0 ZwSetContextThread
SSDT 922F1C90 ZwSetInformationProcess
SSDT 9231B938 ZwSetSystemInformation
SSDT 9231BB60 ZwSuspendProcess
SSDT 922F19F0 ZwSuspendThread
SSDT 92306C58 ZwTerminateProcess
SSDT 922F1AD0 ZwTerminateThread
SSDT 922F1D80 ZwUnmapViewOfSection
SSDT 922F10A8 ZwWriteVirtualMemory
SSDT 9231B588 ZwCreateThreadEx

---- Kernel code sections - GMER 2.0 ----

.text ntoskrnl.exe!KeInsertQueue + 30D 82083944 8 Bytes [D0, BF, 31, 92, 30, 18, 2F, ...] {SAR BYTE [EDI+0x18309231], 0x1; DAS ; XCHG EDX, EAX}
.text ntoskrnl.exe!KeInsertQueue + 321 82083958 4 Bytes [00, 12, 2F, 92] {ADD [EDX], DL; DAS ; XCHG EDX, EAX}
.text ntoskrnl.exe!KeInsertQueue + 32D 82083964 4 Bytes [E0, 91, 24, 92] {LOOPNZ 0xffffff93; AND AL, 0x92}
.text ntoskrnl.exe!KeInsertQueue + 381 820839B8 4 Bytes [78, B7, 31, 92]
.text ntoskrnl.exe!KeInsertQueue + 3E5 82083A1C 4 Bytes [20, BD, 31, 92]
.text ...

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1f27ddc
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1f27ddc (not active ControlSet)

---- EOF - GMER 2.0 ----

Edited by Deeply_confused, 22 January 2013 - 02:31 AM.
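
The cross-check below is an added example, not part of the original thread and not GMER's own code: it parses lines copied from the GMER log in post #7 and decodes the byte lists of the "Kernel code sections" entries as little-endian 32-bit values, then compares them with the SSDT hook addresses. The function names are hypothetical and the 4 KiB grouping is an illustrative choice.

```python
import re
from collections import defaultdict

# Subset of lines copied from the GMER 2.0.18444 log posted above.
GMER_EXCERPT = """
---- System - GMER 2.0 ----
SSDT 9231BFD0 ZwAlertResumeThread
SSDT 922F1830 ZwAlertThread
SSDT 922F1200 ZwAllocateVirtualMemory
SSDT 922491E0 ZwAlpcConnectPort
SSDT 9231B778 ZwAssignProcessToJobObject
SSDT 9231BD20 ZwCreateMutant
SSDT 92306B78 ZwCreateThread
SSDT 92249168 ZwLoadDriver
---- Kernel code sections - GMER 2.0 ----
.text ntoskrnl.exe!KeInsertQueue + 30D 82083944 8 Bytes [D0, BF, 31, 92, 30, 18, 2F, ...] {SAR BYTE [EDI+0x18309231], 0x1; DAS ; XCHG EDX, EAX}
.text ntoskrnl.exe!KeInsertQueue + 321 82083958 4 Bytes [00, 12, 2F, 92] {ADD [EDX], DL; DAS ; XCHG EDX, EAX}
.text ntoskrnl.exe!KeInsertQueue + 32D 82083964 4 Bytes [E0, 91, 24, 92] {LOOPNZ 0xffffff93; AND AL, 0x92}
.text ntoskrnl.exe!KeInsertQueue + 381 820839B8 4 Bytes [78, B7, 31, 92]
.text ntoskrnl.exe!KeInsertQueue + 3E5 82083A1C 4 Bytes [20, BD, 31, 92]
.text ...
"""

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(\w+)$")
TEXT_RE = re.compile(
    r"^\.text\s+(\S+)\s+\+\s+([0-9A-Fa-f]+)\s+([0-9A-Fa-f]{8})"
    r"\s+(\d+)\s+Bytes\s+\[([^\]]*)\]"
)
HEX_BYTE_RE = re.compile(r"^[0-9A-Fa-f]{2}$")


def parse_ssdt(log):
    """Map hook target address -> service name for every 'SSDT' line."""
    hooks = {}
    for line in log.splitlines():
        m = SSDT_RE.match(line.strip())
        if m:
            hooks[int(m.group(1), 16)] = m.group(2)
    return hooks


def parse_text_patches(log):
    """Parse '.text' entries; lines that do not fit the pattern are skipped."""
    patches = []
    for line in log.splitlines():
        m = TEXT_RE.match(line.strip())
        if not m:
            continue  # section headers and the elided '.text ...' line
        symbol, offset, va, length, raw = m.groups()
        data = []
        for token in raw.split(","):
            token = token.strip()
            if not HEX_BYTE_RE.match(token):
                break  # GMER truncates long byte lists with '...'
            data.append(int(token, 16))
        patches.append({
            "symbol": symbol,
            "offset": int(offset, 16),
            "va": int(va, 16),
            "length": int(length),
            "bytes": bytes(data),
        })
    return patches


def decode_pointers(patch):
    """Read each complete little-endian dword (the log is from an x86 system)."""
    data = patch["bytes"]
    return [
        (patch["va"] + i, int.from_bytes(data[i:i + 4], "little"))
        for i in range(0, len(data) - 3, 4)
    ]


def correlate(log):
    """Return (slot address, decoded value, matching SSDT service or None)."""
    hooks = parse_ssdt(log)
    rows = []
    for patch in parse_text_patches(log):
        for slot_va, value in decode_pointers(patch):
            rows.append((slot_va, value, hooks.get(value)))
    return rows


def hook_pages(log):
    """Group hooked services by the 4 KiB page their target address falls in."""
    pages = defaultdict(list)
    for addr, name in parse_ssdt(log).items():
        pages[addr & ~0xFFF].append(name)
    return dict(pages)


if __name__ == "__main__":
    for slot_va, value, name in correlate(GMER_EXCERPT):
        print(f"{slot_va:08X} holds {value:08X} -> {name or 'no SSDT match'}")
    for page, names in sorted(hook_pages(GMER_EXCERPT).items()):
        print(f"page {page:08X}: {', '.join(names)}")
```

On this excerpt every decoded value equals an SSDT hook address from the same log, which is consistent with those `.text` entries being the service-table slots themselves reported as raw bytes. The disassembly GMER prints beside them is then pointer data read as instructions, not a separate set of code patches.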


#8 M-K-D-B

M-K-D-B

  • Malware Response Team
  • 1,593 posts
  • Gender:Male
  • Location:Bavaria

Posted 22 January 2013 - 11:52 AM

Hi,


you posted exactly what I need. :thumbup2:


I do not see any special hints that point to Sirefef. :blink:





Step 1
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.





Step 2
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.





What you should post with your next answer:
  • the logfile from TDSSKiller,
  • the logfile from ComboFix.

Regards,
M-K-D-B

#9 Deeply_confused

  • Topic Starter


Posted 24 January 2013 - 01:05 AM

Hi MKDB,

Thank you for your help. It's a relief that there's no indication of Sirefef, since that trojan seems very nasty and scary to me. Before running the GMER scan, I had 100% Google Chrome use on svchost.exe, and random characters show up on my notepad and sometimes on websites, so that's what bothers me. Also, when I ran a full scan on Malwarebytes, there were so many files with the word 'manifest' on windows systems 32 or something like that; is that something suspicious? Sorry for the rant.

I will complete the tasks you want me to do. There were no threats detected with the TDSSKiller scan, and below is the TDSSKiller log file you want. The ComboFix log file is next to be posted.

18:51:48.0200 4896 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:51:50.0203 4896 ============================================================
18:51:50.0203 4896 Current date / time: 2013/01/24 18:51:50.0203
18:51:50.0203 4896 SystemInfo:
18:51:50.0203 4896
18:51:50.0203 4896 OS Version: 6.0.6002 ServicePack: 2.0
18:51:50.0203 4896 Product type: Workstation
18:51:50.0203 4896 ComputerName: YAYA-PC
18:51:50.0204 4896 UserName: Yaya
18:51:50.0204 4896 Windows directory: C:\Windows
18:51:50.0204 4896 System windows directory: C:\Windows
18:51:50.0204 4896 Processor architecture: Intel x86
18:51:50.0204 4896 Number of processors: 2
18:51:50.0204 4896 Page size: 0x1000
18:51:50.0204 4896 Boot type: Normal boot
18:51:50.0204 4896 ============================================================
18:51:51.0240 4896 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:51:51.0267 4896 ============================================================
18:51:51.0267 4896 \Device\Harddisk0\DR0:
18:51:51.0267 4896 MBR partitions:
18:51:51.0267 4896 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x1400000
18:51:51.0267 4896 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x142B800, BlocksNum 0x1B8997F8
18:51:51.0283 4896 ============================================================
18:51:51.0326 4896 C: <-> \Device\Harddisk0\DR0\Partition2
18:51:51.0494 4896 D: <-> \Device\Harddisk0\DR0\Partition1
18:51:51.0494 4896 ============================================================
18:51:51.0495 4896 Initialize success
18:51:51.0495 4896 ============================================================
18:53:32.0902 4224 ============================================================
18:53:32.0902 4224 Scan started
18:53:32.0902 4224 Mode: Manual;
18:53:32.0902 4224 ============================================================
18:53:33.0339 4224 ================ Scan system memory ========================
18:53:33.0339 4224 System memory - ok
18:53:33.0340 4224 ================ Scan services =============================
18:53:45.0381 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
18:53:45.0389 4224 p2psvc - ok
18:53:45.0429 4224 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
18:53:45.0432 4224 Parport - ok
18:53:45.0459 4224 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:53:45.0461 4224 partmgr - ok
18:53:45.0481 4224 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:53:45.0483 4224 Parvdm - ok
18:53:45.0520 4224 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
18:53:45.0525 4224 PcaSvc - ok
18:53:45.0565 4224 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
18:53:45.0569 4224 pci - ok
18:53:45.0584 4224 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
18:53:45.0586 4224 pciide - ok
18:53:45.0610 4224 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:53:45.0615 4224 pcmcia - ok
18:53:45.0665 4224 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:53:45.0686 4224 PEAUTH - ok
18:53:45.0774 4224 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
18:53:45.0818 4224 pla - ok
18:53:45.0849 4224 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:53:45.0856 4224 PlugPlay - ok
18:53:45.0885 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
18:53:45.0892 4224 PNRPAutoReg - ok
18:53:45.0932 4224 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
18:53:45.0942 4224 PNRPsvc - ok
18:53:45.0988 4224 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:53:45.0998 4224 PolicyAgent - ok
18:53:46.0023 4224 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:53:46.0025 4224 PptpMiniport - ok
18:53:46.0053 4224 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
18:53:46.0055 4224 Processor - ok
18:53:46.0093 4224 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
18:53:46.0099 4224 ProfSvc - ok
18:53:46.0116 4224 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
18:53:46.0119 4224 ProtectedStorage - ok
18:53:46.0158 4224 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
18:53:46.0160 4224 PSched - ok
18:53:46.0223 4224 [ D24DFD16A1E2A76034DF5AA18125C35D ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
18:53:46.0224 4224 PSI - ok
18:53:46.0271 4224 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
18:53:46.0273 4224 PxHelp20 - ok
18:53:46.0322 4224 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:53:46.0356 4224 ql2300 - ok
18:53:46.0405 4224 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:53:46.0410 4224 ql40xx - ok
18:53:46.0452 4224 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
18:53:46.0464 4224 QWAVE - ok
18:53:46.0498 4224 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:53:46.0501 4224 QWAVEdrv - ok
18:53:46.0587 4224 [ E642B131FB74CAF4BB8A014F31113142 ] R300 C:\Windows\system32\DRIVERS\atikmdag.sys
18:53:46.0653 4224 R300 - ok
18:53:46.0694 4224 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:53:46.0696 4224 RasAcd - ok
18:53:46.0730 4224 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
18:53:46.0738 4224 RasAuto - ok
18:53:46.0779 4224 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:53:46.0783 4224 Rasl2tp - ok
18:53:46.0805 4224 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
18:53:46.0816 4224 RasMan - ok
18:53:46.0841 4224 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:53:46.0845 4224 RasPppoe - ok
18:53:46.0872 4224 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:53:46.0875 4224 RasSstp - ok
18:53:46.0914 4224 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:53:46.0921 4224 rdbss - ok
18:53:46.0966 4224 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:53:46.0968 4224 RDPCDD - ok
18:53:47.0010 4224 [ 0245418224CFA77BF4B41C2FE0622258 ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
18:53:47.0019 4224 rdpdr - ok
18:53:47.0029 4224 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:53:47.0031 4224 RDPENCDD - ok
18:53:47.0089 4224 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:53:47.0096 4224 RDPWD - ok
18:53:47.0130 4224 [ 2CF574D0965F58E514A2DC94114D7ECA ] RegSrvc C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
18:53:47.0139 4224 RegSrvc - ok
18:53:47.0176 4224 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
18:53:47.0182 4224 RemoteAccess - ok
18:53:47.0221 4224 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:53:47.0229 4224 RemoteRegistry - ok
18:53:47.0266 4224 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
18:53:47.0272 4224 RFCOMM - ok
18:53:47.0309 4224 [ D85E3FA9F5B1F29BB4ED185C450D1470 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
18:53:47.0312 4224 rimmptsk - ok
18:53:47.0332 4224 [ DB8EB01C58C9FADA00C70B1775278AE0 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
18:53:47.0335 4224 rimsptsk - ok
18:53:47.0372 4224 [ 6C1F93C0760C9F79A1869D07233DF39D ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
18:53:47.0375 4224 rismxdp - ok
18:53:47.0411 4224 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
18:53:47.0414 4224 RpcLocator - ok
18:53:47.0467 4224 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
18:53:47.0477 4224 RpcSs - ok
18:53:47.0513 4224 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:53:47.0516 4224 rspndr - ok
18:53:47.0530 4224 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
18:53:47.0533 4224 SamSs - ok
18:53:47.0562 4224 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:53:47.0566 4224 sbp2port - ok
18:53:47.0601 4224 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:53:47.0609 4224 SCardSvr - ok
18:53:47.0657 4224 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
18:53:47.0690 4224 Schedule - ok
18:53:47.0714 4224 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
18:53:47.0716 4224 SCPolicySvc - ok
18:53:47.0750 4224 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
18:53:47.0754 4224 sdbus - ok
18:53:47.0781 4224 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:53:47.0790 4224 SDRSVC - ok
18:53:47.0814 4224 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:53:47.0816 4224 secdrv - ok
18:53:47.0846 4224 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
18:53:47.0851 4224 seclogon - ok
18:53:47.0930 4224 [ F70A51EB03EE7046784EF62EFCE9528E ] Secunia PSI Agent C:\Program Files\Secunia\PSI\PSIA.exe
18:53:47.0948 4224 Secunia PSI Agent - ok
18:53:47.0984 4224 [ AD56CEB08EEB517332355FDE9E5939C8 ] Secunia Update Agent C:\Program Files\Secunia\PSI\sua.exe
18:53:48.0005 4224 Secunia Update Agent - ok
18:53:48.0026 4224 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
18:53:48.0033 4224 SENS - ok
18:53:48.0051 4224 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:53:48.0054 4224 Serenum - ok
18:53:48.0079 4224 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
18:53:48.0085 4224 Serial - ok
18:53:48.0101 4224 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:53:48.0104 4224 sermouse - ok
18:53:48.0154 4224 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
18:53:48.0159 4224 SessionEnv - ok
18:53:48.0180 4224 [ 51CF56AA8BCC241F134B420B8F850406 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:53:48.0184 4224 sffdisk - ok
18:53:48.0201 4224 [ 96DED8B20C734AC41641CE275250E55D ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:53:48.0204 4224 sffp_mmc - ok
18:53:48.0222 4224 [ 8B08CAB1267B2C377883FC9E56981F90 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:53:48.0225 4224 sffp_sd - ok
18:53:48.0239 4224 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:53:48.0248 4224 sfloppy - ok
18:53:48.0270 4224 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:53:48.0280 4224 SharedAccess - ok
18:53:48.0320 4224 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:53:48.0327 4224 ShellHWDetection - ok
18:53:48.0374 4224 [ 08072B2FB92477FC813271A84B3A8698 ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:53:48.0376 4224 sisagp - ok
18:53:48.0386 4224 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
18:53:48.0388 4224 SiSRaid2 - ok
18:53:48.0398 4224 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:53:48.0401 4224 SiSRaid4 - ok
18:53:48.0583 4224 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:53:48.0722 4224 Skype C2C Service - ok
18:53:48.0782 4224 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:53:48.0786 4224 SkypeUpdate - ok
18:53:48.0935 4224 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
18:53:49.0049 4224 slsvc - ok
18:53:49.0087 4224 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
18:53:49.0094 4224 SLUINotify - ok
18:53:49.0133 4224 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:53:49.0136 4224 Smb - ok
18:53:49.0181 4224 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:53:49.0186 4224 SNMPTRAP - ok
18:53:49.0304 4224 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
18:53:49.0306 4224 spldr - ok
18:53:49.0355 4224 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
18:53:49.0363 4224 Spooler - ok
18:53:49.0383 4224 sprtsvc_dellsupportcenter - ok
18:53:49.0468 4224 [ 7BB297CADA42903328E92425D9761DA6 ] SRTSP C:\Windows\System32\Drivers\NIS\1309000.009\SRTSP.SYS
18:53:49.0492 4224 SRTSP - ok
18:53:49.0513 4224 [ 475FCF0F28D845BF1C8ABAC27F19003E ] SRTSPX C:\Windows\system32\drivers\NIS\1309000.009\SRTSPX.SYS
18:53:49.0516 4224 SRTSPX - ok
18:53:49.0559 4224 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:53:49.0568 4224 srv - ok
18:53:49.0606 4224 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:53:49.0612 4224 srv2 - ok
18:53:49.0643 4224 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:53:49.0647 4224 srvnet - ok
18:53:49.0682 4224 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:53:49.0691 4224 SSDPSRV - ok
18:53:49.0738 4224 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:53:49.0747 4224 SstpSvc - ok
18:53:49.0797 4224 [ 7E6DD4B34ACD36AF6C711D2BDE91B040 ] STacSV C:\Windows\system32\STacSV.exe
18:53:49.0803 4224 STacSV - ok
18:53:49.0847 4224 [ 6A2A5E809C2C0178326D92B19EE4AAD3 ] STHDA C:\Windows\system32\drivers\stwrt.sys
18:53:49.0858 4224 STHDA - ok
18:53:49.0903 4224 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
18:53:49.0926 4224 stisvc - ok
18:53:49.0983 4224 [ 7489520E98A119B5A9A00857F4F87D16 ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
18:53:49.0987 4224 stllssvr - ok
18:53:49.0996 4224 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:53:49.0999 4224 swenum - ok
18:53:50.0039 4224 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
18:53:50.0062 4224 swprv - ok
18:53:50.0089 4224 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
18:53:50.0092 4224 Symc8xx - ok
18:53:50.0140 4224 [ 690FA0E61B90084C4D9A721BD4F3D779 ] SymDS C:\Windows\system32\drivers\NIS\1309000.009\SYMDS.SYS
18:53:50.0150 4224 SymDS - ok
18:53:50.0209 4224 [ 8F88EDB211B12537D2DC2A6D73D6067C ] SymEFA C:\Windows\system32\drivers\NIS\1309000.009\SYMEFA.SYS
18:53:50.0244 4224 SymEFA - ok
18:53:50.0294 4224 [ 74E2521E96176A4449570E50BE91954D ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
18:53:50.0301 4224 SymEvent - ok
18:53:50.0344 4224 [ 2C356CCA706505CF63CBE39D532B9236 ] SymIRON C:\Windows\system32\drivers\NIS\1309000.009\Ironx86.SYS
18:53:50.0348 4224 SymIRON - ok
18:53:50.0398 4224 [ 40C6E6417C8B7D7FCF82CFBE71525795 ] SYMTDIv C:\Windows\System32\Drivers\NIS\1309000.009\SYMTDIV.SYS
18:53:50.0408 4224 SYMTDIv - ok
18:53:50.0452 4224 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
18:53:50.0455 4224 Sym_hi - ok
18:53:50.0472 4224 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
18:53:50.0476 4224 Sym_u3 - ok
18:53:50.0541 4224 [ 451E8037E2EB6DA6BDF0A66F65D1810B ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:53:50.0546 4224 SynTP - ok
18:53:50.0595 4224 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
18:53:50.0616 4224 SysMain - ok
18:53:50.0649 4224 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:53:50.0653 4224 TabletInputService - ok
18:53:50.0692 4224 [ 0C3B2A9C4BD2DD9A6C2E4084314DD719 ] taphss C:\Windows\system32\DRIVERS\taphss.sys
18:53:50.0695 4224 taphss - ok
18:53:50.0721 4224 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
18:53:50.0728 4224 TapiSrv - ok
18:53:50.0756 4224 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
18:53:50.0759 4224 TBS - ok
18:53:50.0805 4224 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:53:50.0828 4224 Tcpip - ok
18:53:50.0852 4224 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
18:53:50.0860 4224 Tcpip6 - ok
18:53:50.0884 4224 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:53:50.0885 4224 tcpipreg - ok
18:53:50.0915 4224 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:53:50.0917 4224 TDPIPE - ok
18:53:50.0951 4224 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:53:50.0954 4224 TDTCP - ok
18:53:50.0990 4224 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:53:50.0993 4224 tdx - ok
18:53:51.0021 4224 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:53:51.0025 4224 TermDD - ok
18:53:51.0055 4224 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
18:53:51.0076 4224 TermService - ok
18:53:51.0102 4224 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
18:53:51.0108 4224 Themes - ok
18:53:51.0122 4224 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
18:53:51.0124 4224 THREADORDER - ok
18:53:51.0153 4224 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
18:53:51.0158 4224 TrkWks - ok
18:53:51.0210 4224 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:53:51.0211 4224 TrustedInstaller - ok
18:53:51.0234 4224 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:53:51.0237 4224 tssecsrv - ok
18:53:51.0280 4224 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
18:53:51.0282 4224 tunmp - ok
18:53:51.0314 4224 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:53:51.0316 4224 tunnel - ok
18:53:51.0343 4224 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:53:51.0347 4224 uagp35 - ok
18:53:51.0390 4224 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:53:51.0398 4224 udfs - ok
18:53:51.0459 4224 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:53:51.0465 4224 UI0Detect - ok
18:53:51.0485 4224 [ 6D72EF05921ABDF59FC45C7EBFE7E8DD ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:53:51.0488 4224 uliagpkx - ok
18:53:51.0510 4224 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
18:53:51.0520 4224 uliahci - ok
18:53:51.0543 4224 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
18:53:51.0548 4224 UlSata - ok
18:53:51.0570 4224 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
18:53:51.0575 4224 ulsata2 - ok
18:53:51.0606 4224 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:53:51.0608 4224 umbus - ok
18:53:51.0654 4224 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
18:53:51.0674 4224 upnphost - ok
18:53:51.0728 4224 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:53:51.0731 4224 usbccgp - ok
18:53:51.0750 4224 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:53:51.0753 4224 usbcir - ok
18:53:51.0792 4224 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:53:51.0794 4224 usbehci - ok
18:53:51.0829 4224 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:53:51.0834 4224 usbhub - ok
18:53:51.0852 4224 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:53:51.0855 4224 usbohci - ok
18:53:51.0872 4224 [ B51E52ACF758BE00EF3A58EA452FE360 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:53:51.0874 4224 usbprint - ok
18:53:51.0888 4224 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:53:51.0890 4224 USBSTOR - ok
18:53:51.0917 4224 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:53:51.0918 4224 usbuhci - ok
18:53:51.0948 4224 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
18:53:51.0951 4224 UxSms - ok
18:53:51.0983 4224 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
18:53:51.0995 4224 vds - ok
18:53:52.0024 4224 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:53:52.0026 4224 vga - ok
18:53:52.0079 4224 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
18:53:52.0081 4224 VgaSave - ok
18:53:52.0105 4224 [ D5929A28BDFF4367A12CAF06AF901971 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:53:52.0108 4224 viaagp - ok
18:53:52.0128 4224 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:53:52.0131 4224 ViaC7 - ok
18:53:52.0144 4224 [ 689547CE911998D1E0DA7A5992E025FC ] viaide C:\Windows\system32\drivers\viaide.sys
18:53:52.0146 4224 viaide - ok
18:53:52.0164 4224 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:53:52.0166 4224 volmgr - ok
18:53:52.0195 4224 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:53:52.0203 4224 volmgrx - ok
18:53:52.0251 4224 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:53:52.0257 4224 volsnap - ok
18:53:52.0298 4224 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:53:52.0303 4224 vsmraid - ok
18:53:52.0365 4224 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
18:53:52.0413 4224 VSS - ok
18:53:52.0460 4224 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
18:53:52.0473 4224 W32Time - ok
18:53:52.0503 4224 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:53:52.0506 4224 WacomPen - ok
18:53:52.0542 4224 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
18:53:52.0545 4224 Wanarp - ok
18:53:52.0553 4224 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:53:52.0555 4224 Wanarpv6 - ok
18:53:52.0574 4224 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:53:52.0593 4224 wcncsvc - ok
18:53:52.0641 4224 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:53:52.0648 4224 WcsPlugInService - ok
18:53:52.0669 4224 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
18:53:52.0672 4224 Wd - ok
18:53:52.0729 4224 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:53:52.0748 4224 Wdf01000 - ok
18:53:52.0787 4224 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:53:52.0791 4224 WdiServiceHost - ok
18:53:52.0800 4224 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:53:52.0803 4224 WdiSystemHost - ok
18:53:52.0821 4224 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
18:53:52.0829 4224 WebClient - ok
18:53:52.0847 4224 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:53:52.0854 4224 Wecsvc - ok
18:53:52.0890 4224 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:53:52.0894 4224 wercplsupport - ok
18:53:52.0931 4224 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
18:53:52.0937 4224 WerSvc - ok
18:53:52.0988 4224 [ 4DACA8F07537D4D7E3534BB99294AA26 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:53:53.0011 4224 winachsf - ok
18:53:53.0080 4224 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:53:53.0086 4224 WinDefend - ok
18:53:53.0093 4224 WinHttpAutoProxySvc - ok
18:53:53.0144 4224 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:53:53.0148 4224 Winmgmt - ok
18:53:53.0224 4224 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
18:53:53.0289 4224 WinRM - ok
18:53:53.0340 4224 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:53:53.0382 4224 Wlansvc - ok
18:53:53.0425 4224 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:53:53.0426 4224 WmiAcpi - ok
18:53:53.0451 4224 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:53:53.0456 4224 wmiApSrv - ok
18:53:53.0587 4224 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:53:53.0621 4224 WMPNetworkSvc - ok
18:53:53.0636 4224 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:53:53.0647 4224 WPCSvc - ok
18:53:53.0688 4224 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:53:53.0696 4224 WPDBusEnum - ok
18:53:53.0792 4224 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:53:53.0826 4224 WPFFontCache_v0400 - ok
18:53:53.0862 4224 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:53:53.0866 4224 ws2ifsl - ok
18:53:53.0910 4224 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
18:53:53.0917 4224 wscsvc - ok
18:53:53.0925 4224 WSearch - ok
18:53:54.0029 4224 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:53:54.0097 4224 wuauserv - ok
18:53:54.0140 4224 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:53:54.0142 4224 WudfPf - ok
18:53:54.0177 4224 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:53:54.0183 4224 WUDFRd - ok
18:53:54.0220 4224 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:53:54.0229 4224 wudfsvc - ok
18:53:54.0268 4224 [ 5A7FF9A18FF6D7E0527FE3ABF9204EF8 ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
18:53:54.0271 4224 XAudio - ok
18:53:54.0325 4224 [ 28DC5D626E036A75A572556F0A6EB1F6 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
18:53:54.0334 4224 XAudioService - ok
18:53:54.0356 4224 ================ Scan global ===============================
18:53:54.0399 4224 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
18:53:54.0439 4224 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:53:54.0476 4224 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
18:53:54.0579 4224 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
18:53:54.0590 4224 [Global] - ok
18:53:54.0591 4224 ================ Scan MBR ==================================
18:53:54.0652 4224 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
18:53:56.0083 4224 \Device\Harddisk0\DR0 - ok
18:53:56.0084 4224 ================ Scan VBR ==================================
18:53:56.0136 4224 [ D984E5C2A6C10237CF1F3F1680D102F5 ] \Device\Harddisk0\DR0\Partition1
18:53:56.0138 4224 \Device\Harddisk0\DR0\Partition1 - ok
18:53:56.0151 4224 [ 89334D8E5F796D0BDCECAF59E932E44A ] \Device\Harddisk0\DR0\Partition2
18:53:56.0153 4224 \Device\Harddisk0\DR0\Partition2 - ok
18:53:56.0154 4224 ============================================================
18:53:56.0154 4224 Scan finished
18:53:56.0154 4224 ============================================================
18:53:56.0168 1276 Detected object count: 0
18:53:56.0168 1276 Actual detected object count: 0
18:54:32.0200 1220 Deinitialize success

#10 M-K-D-B

  • Malware Response Team

Posted 24 January 2013 - 01:20 PM

Hi,

"manifest" files are not generally suspicious.

Please post the logfile from ComboFix.
Regards,
M-K-D-B

#11 Deeply_confused

  • Topic Starter

Posted 25 January 2013 - 02:43 AM

Hi MKDB,

Below is the ComboFix logfile:

ComboFix 13-01-24.02 - Yaya 01/25/2013 20:27:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1122 [GMT 13:00]
Running from: c:\users\Yaya\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Yaya\AppData\Roaming\Desktopicon
c:\users\Yaya\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Yaya\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Yaya\GoToAssistDownloadHelper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-25 to 2013-01-25 )))))))))))))))))))))))))))))))
.
.
2013-01-23 04:38 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71667B11-4ABB-4E88-9D2F-6727B482C3E9}\mpengine.dll
2013-01-22 06:44 . 2013-01-22 06:44 100352 ----a-w- C:\pxldrpow.sys
2013-01-15 23:53 . 2013-01-03 18:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-10 01:19 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 01:17 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 01:17 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-11 00:37 . 2012-04-25 00:05 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-11 00:37 . 2011-07-03 07:33 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-22 23:30 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-22 23:30 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 03:49 . 2012-10-31 05:17 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-13 01:29 . 2012-12-14 02:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 10:42 . 2012-12-14 03:36 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-09 10:37 . 2012-12-14 03:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-09 10:36 . 2012-12-14 03:36 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-09 10:36 . 2012-12-14 03:36 71680 ----a-w- c:\windows\system32\iesetup.dll
2012-11-09 10:36 . 2012-12-14 03:36 109056 ----a-w- c:\windows\system32\iesysprep.dll
2012-11-09 09:01 . 2012-12-14 03:36 385024 ----a-w- c:\windows\system32\html.iec
2012-11-09 07:13 . 2012-12-14 03:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-02 10:18 . 2012-12-14 02:46 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-14 02:46 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2009-11-15 00:35 . 2009-08-04 11:35 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-06-15 92704]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-12-19 50688]
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2012-6-27 572000]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-1-15 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]
backup=c:\windows\pss\QuickSet.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 14:28 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 09:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-29 04:18 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 11:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-12-03 05:58 36864 ----a-w- c:\windows\OEM02Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-08-13 23:02 21975120 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-12-21 02:58 184320 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-24 14:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-13 01:44 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-16 00:29 1606760 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 00:37]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 09:28]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-11 09:28]
.
2013-01-25 c:\windows\Tasks\User_Feed_Synchronization-{FB0A81C9-139D-4DBF-8475-34C97E330CAC}.job
- c:\windows\system32\msfeedssync.exe [2012-12-14 07:12]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKLM-Run-(default) - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
AddRemove-com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 - c:\program files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-25 20:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,2d,a3,68,10,6f,3a,4c,93,81,b8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4a,2d,a3,68,10,6f,3a,4c,93,81,b8,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:0000007e
.
Completion time: 2013-01-25 20:39:17
ComboFix-quarantined-files.txt 2013-01-25 07:39
.
Pre-Run: 165,527,793,664 bytes free
Post-Run: 165,623,291,904 bytes free
.
- - End Of File - - B19B8FFFEF9E59EBB3FA1AE3D6B15D66

#12 M-K-D-B


Posted 25 January 2013 - 11:30 AM

Hi,


your logfile from ComboFix looks good. :)

How is your machine running at the moment?

Regards,
M-K-D-B

#13 Deeply_confused


Posted 28 January 2013 - 01:35 AM

Hi MKDB,

So far it looks alright: it runs faster, it doesn't hang as much, and I haven't got the notice that says that Google Chrome processes are busy. Random characters on website and notepad are still there though. Any suggestions? Thank you for your help so far though.

#14 M-K-D-B


Posted 28 January 2013 - 10:58 AM

Hi,

"Random characters on website and notepad are still there though. Any suggestions? Thank you for your help so far though."

Can you upload or post a screenshot of those "random characters" on websites and notepad, please?





Please download OTL from one of the following mirrors:
  • This is THE Mirror
  • Please reopen Posted Image on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under Extra Registry choose Use SafeList.
  • Copy and Paste the following code into the Posted Image textbox.
    activex
    netsvcs
    msconfig
    drivers32
    safebootminimal
    safebootnetwork
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Push Posted Image
  • Two reports will open:
    OTL.txt <-- Will be opened
    Extra.txt <-- Will be minimized
  • Copy and paste them in a reply here

Regards,
M-K-D-B

#15 Deeply_confused


Posted 30 January 2013 - 12:56 AM

Hi MKDB,

Yesterday and today I got Google Chrome freezes and a notification that says 'page need to be killed', and sometimes in the middle of browsing the whole page freezes and goes blank white with nothing on it; I don't know what's causing it. Below is a sample of the random characters in my notepad file and the random characters showing up on websites on occasion. Previously, I did not even have this song list in my particular notepad file, and the numbers seem odd. When I tried posting this, the format changed and doesn't appear like the one in my notepad; the random characters also disappear as soon as I hit the post button. I do not know how to post a screenshot in here. I have tried using the print screen requirement button, but it couldn't appear here unfortunately.

Sunlight Bag Raiders 0.99
Walls Come Down Keke Palmer 1.29
One Club At A Time Midnight Red 1.29
Every Little Part Of Me (ft Jay Sean) Alesha Dixon 1.29
Celebrate Mitchel Musso 0.99
Don't Wanna Go Home Jason Derulo 1.29
PING!! Me Baby Riz 0.99


Robert Half Finance & Accounting
People with Heart…
To join our Winning Creative Team

our team
MYOB skills an advantage
CBD location


OTL.txt log files:

OTL logfile created on: 1/30/2013 7:00:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yaya\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.92% Memory free
4.22 Gb Paging File | 2.74 Gb Available in Paging File | 64.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 154.72 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.56 Gb Free Space | 55.61% Space Free | Partition Type: NTFS

Computer Name: YAYA-PC | User Name: Yaya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 18:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yaya\Desktop\OTL.exe
PRC - [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/19 03:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/16 01:22:11 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/06/27 20:25:06 | 001,326,176 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe
PRC - [2012/06/27 20:25:04 | 000,572,000 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe
PRC - [2012/06/16 15:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe
PRC - [2009/04/11 19:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/08/14 00:04:42 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/01/02 16:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/07/27 21:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/02/20 13:29:00 | 000,679,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2007/01/12 00:15:00 | 000,101,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 21:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 21:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 21:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 21:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 21:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 21:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013/01/12 13:29:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/12 13:27:53 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/12 13:27:41 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV - [2013/01/11 13:37:11 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 03:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/27 20:25:06 | 001,326,176 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/06/27 20:25:04 | 000,681,056 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/06/16 15:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe -- (NIS)
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008/01/19 20:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/02 16:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Yaya\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013/01/28 19:07:36 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130129.017\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/28 19:07:36 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\VirusDefs\20130129.017\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/16 15:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/06 05:54:30 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\Definitions\IPSDefs\20130129.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/08/09 17:05:09 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/09 17:05:09 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/06 15:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtsp.sys -- (SRTSP)
DRV - [2012/07/06 15:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\srtspx.sys -- (SRTSPX)
DRV - [2012/06/07 17:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ccsetx86.sys -- (ccSet_NIS)
DRV - [2012/05/22 14:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symefa.sys -- (SymEFA)
DRV - [2012/04/18 15:13:32 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symtdiv.sys -- (SYMTDIv)
DRV - [2012/04/18 14:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\ironx86.sys -- (SymIRON)
DRV - [2012/04/12 19:39:28 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/01/18 11:45:55 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1309000.009\symds.sys -- (SymDS)
DRV - [2011/12/17 03:19:54 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/23 15:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2009/06/16 14:59:00 | 009,768,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/12/11 10:28:40 | 000,016,256 | ---- | M] (IdeaCom Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\idcphid.sys -- (IdcPHid)
DRV - [2008/04/28 16:53:36 | 000,051,040 | ---- | M] (IPWireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ipw3gnet.sys -- (IpwP)
DRV - [2008/01/02 16:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/12/03 18:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/12/03 18:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/01/12 00:15:16 | 000,032,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/01/12 00:15:06 | 000,032,272 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/11/27 20:48:46 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/27 20:48:44 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/27 20:48:44 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/22 01:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/02 20:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 20:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/08/05 13:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DANZ
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 00 D9 A3 C8 B8 CD 01 [binary data]
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\SearchScopes\{45A1069D-263F-4FDF-9020-6E07BFA2035B}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DANZ
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-644690034-744750335-1808933152-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: FirefoxAddon@similarWeb.com:1.4.27
FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.5
FF - prefs.js..extensions.enabledAddons: https-everywhere@eff.org:2.1
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.7rc2
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.0.0.243 - 1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.2.0.7165
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.6
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: 1vffxtbr@SmileyCentral_1v.com:1.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.1.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?=q"
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPlgn\ [2012/04/13 10:12:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\coFFPlgn\ [2013/01/30 16:34:37 | 000,000,000 | ---D | M]

[2012/02/27 15:10:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Extensions
[2012/06/30 15:21:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions
[2010/05/15 14:48:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/17 13:11:27 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\ChoiceGuard@Microsoft
[2012/06/21 15:33:31 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\https-everywhere@eff.org
[2012/06/30 15:22:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\staged
[2012/02/02 11:41:31 | 000,599,045 | ---- | M] () (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\FirefoxAddon@similarWeb.com.xpi
[2012/06/21 23:30:22 | 000,525,138 | ---- | M] () (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/02/01 19:11:17 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/05/26 14:45:32 | 000,045,066 | ---- | M] () (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2012/06/30 15:22:07 | 000,525,346 | ---- | M] () (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/30 15:21:57 | 000,044,994 | ---- | M] () (No name found) -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\extensions\staged\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi
[2009/10/17 16:51:51 | 000,002,171 | ---- | M] () -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\searchplugins\bing.xml
[2012/02/26 20:37:28 | 000,002,519 | ---- | M] () -- C:\Users\Yaya\AppData\Roaming\Mozilla\Firefox\Profiles\4nvjcpsz.default\searchplugins\Search_Results.xml
[2012/10/31 17:51:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/27 13:06:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/13 10:12:21 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.6.2.10\IPSFFPLGN
[2009/11/15 13:35:23 | 000,065,536 | ---- | M] () -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\components\np32asw.dll
[2004/07/02 14:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32asw.dll

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Yaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Yaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Skype Click to Call = C:\Users\Yaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.5.0.11422_0\
CHR - Extension: Norton Identity Protection = C:\Users\Yaya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\

O1 HOSTS File: ([2013/01/25 20:36:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-644690034-744750335-1808933152-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.9.0.9\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-644690034-744750335-1808933152-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-644690034-744750335-1808933152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Save YouTube Video as MP3 - Reg Error: Value error. File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ADCE050-274D-4518-8282-259B9B6BD40E}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Yaya\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Yaya\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 10:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk - C:\Program Files\Dell\QuickSet\quickset.exe - (Dell Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: OEM02Mon.exe - hkey= - key= - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 0

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/01/30 18:58:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yaya\Desktop\OTL.exe
[2013/01/30 16:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/30 16:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/01/25 20:39:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/25 20:39:20 | 000,000,000 | ---D | C] -- C:\Users\Yaya\AppData\Local\temp
[2013/01/25 20:36:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/25 20:23:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/25 20:23:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/25 20:23:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/25 20:22:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/25 20:21:58 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/25 20:20:12 | 005,026,656 | R--- | C] (Swearware) -- C:\Users\Yaya\Desktop\ComboFix.exe
[2013/01/24 18:51:11 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Yaya\Desktop\tdsskiller.exe
[2013/01/22 19:44:09 | 000,100,352 | ---- | C] (GMER) -- C:\pxldrpow.sys
[2013/01/18 15:58:55 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Yaya\Desktop\dds.com
[2013/01/16 12:53:56 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/01/10 14:19:22 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/10 14:17:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2013/01/30 18:57:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yaya\Desktop\OTL.exe
[2013/01/30 18:54:04 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FB0A81C9-139D-4DBF-8475-34C97E330CAC}.job
[2013/01/30 18:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/30 18:33:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 18:33:50 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/30 18:27:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 16:52:49 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/30 16:40:31 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/30 16:40:31 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/30 16:35:41 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 16:35:20 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013/01/30 16:35:19 | 000,048,032 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013/01/30 16:33:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/01/30 16:33:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/29 20:35:31 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/01/25 20:36:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/25 20:19:57 | 005,026,656 | R--- | M] (Swearware) -- C:\Users\Yaya\Desktop\ComboFix.exe
[2013/01/24 18:50:29 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Yaya\Desktop\tdsskiller.exe
[2013/01/24 16:55:46 | 000,002,651 | ---- | M] () -- C:\Users\Yaya\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2013/01/22 19:51:28 | 366,010,095 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/22 19:44:09 | 000,100,352 | ---- | M] (GMER) -- C:\pxldrpow.sys
[2013/01/22 19:38:56 | 000,365,568 | ---- | M] () -- C:\Users\Yaya\Desktop\bghx3ce1.exe
[2013/01/18 16:29:12 | 000,000,000 | ---- | M] () -- C:\Users\Yaya\defogger_reenable
[2013/01/18 16:27:49 | 000,050,477 | ---- | M] () -- C:\Users\Yaya\Desktop\Defogger.exe
[2013/01/18 15:58:46 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Yaya\Desktop\dds.com
[2013/01/16 15:49:11 | 000,001,997 | ---- | M] () -- C:\Users\Yaya\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/12 13:26:32 | 000,298,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/11 13:37:01 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/11 13:37:01 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/04 07:34:26 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

========== Files Created - No Company Name ==========

[2013/01/30 16:52:49 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/01/25 20:23:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/25 20:23:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/25 20:23:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/25 20:23:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/25 20:23:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/22 19:51:28 | 366,010,095 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/22 19:39:27 | 000,365,568 | ---- | C] () -- C:\Users\Yaya\Desktop\bghx3ce1.exe
[2013/01/18 16:29:12 | 000,000,000 | ---- | C] () -- C:\Users\Yaya\defogger_reenable
[2013/01/18 16:28:18 | 000,050,477 | ---- | C] () -- C:\Users\Yaya\Desktop\Defogger.exe
[2011/06/26 23:18:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2011/03/26 12:50:01 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/01/12 16:45:09 | 000,000,134 | ---- | C] () -- C:\Users\Yaya\AppData\Roaming\wklnhst.dat
[2008/12/02 19:12:33 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008/12/02 19:12:33 | 000,048,032 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008/12/02 19:04:39 | 000,020,992 | ---- | C] () -- C:\Users\Yaya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/11 22:19:02 | 000,008,484 | ---- | C] () -- C:\Users\Yaya\AppData\Local\d3d9caps.dat
[2008/07/06 18:48:09 | 000,027,240 | ---- | C] () -- C:\Users\Yaya\AppData\Roaming\nvModes.001
[2008/07/06 18:47:56 | 000,027,240 | ---- | C] () -- C:\Users\Yaya\AppData\Roaming\nvModes.dat

========== ZeroAccess Check ==========

[2006/11/03 01:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 19:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 19:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/11/09 20:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/11/09 20:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/11/09 20:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/09 23:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/11/09 23:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2013/01/18 21:07:04 | 001,248,208 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2012/11/09 20:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2012/11/09 20:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2012/11/09 20:13:43 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/11/09 23:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/11/09 23:44:47 | 000,638,040 | ---- | M] (Microsoft Corporation)

< End of report >

Extras.txt log files:

OTL Extras logfile created on: 1/30/2013 7:00:14 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yaya\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19393)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.92% Memory free
4.22 Gb Paging File | 2.74 Gb Available in Paging File | 64.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.30 Gb Total Space | 154.72 Gb Free Space | 70.23% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.56 Gb Free Space | 55.61% Space Free | Partition Type: NTFS

Computer Name: YAYA-PC | User Name: Yaya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-644690034-744750335-1808933152-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F5FEC1F-1C18-4E46-92A1-F08BB4F9A6B9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{23E31963-A678-4A96-A69D-AA2A8B30F7D0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{26BD411B-91B8-4F39-833A-7FBC979B64E5}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{4B7989A5-4DD8-4833-B5B1-6B0A68E57D0C}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{6B5CCE54-3818-4B80-87AD-E6587AAAE19D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{7BB86D46-7CBC-438A-B510-BC70C830D5D0}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7E4E7B24-0886-4FBA-8DB7-269131F2D8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9736B48B-407B-458D-B316-EDB159FC6BB2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AF76F7A3-2EE7-410A-95E1-4A4EE1285E0C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B850CBC7-518D-4968-B207-DA12210F4AEC}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{B98993EA-9DC9-401A-9322-930C3A7CDC3B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{BFFD1EDF-3CAE-4A4D-B48B-FC4A01CD2790}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{D05F367C-FF8B-4D4F-9E1C-11E4F2399772}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{D32DD1A5-E345-4782-8E7D-06D6576353F0}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E549E4EE-704F-47DB-AF53-DEB778FF4E2C}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{EE0779FC-66A8-4970-9CDC-0DEBBD507BC6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F5FD6DC1-9EE0-407D-B94E-6E7003E4DBAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{1272E664-A301-4567-BEB5-7DDAD2B62029}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{3E1412B8-0614-4245-9E92-FA0DB90AFF5F}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{9D3AA03C-90AE-48EF-93FB-26FE6252F926}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{9D75ECFE-5E70-4B81-82FA-C6644BBBDD66}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{9F63FEB3-7485-4A10-8D5C-6E81341769E4}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{FEB105B8-9889-44A6-8D74-976A0C0B1AEC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{170EDFF0-10DA-3EB1-9FA0-7B92E3DBD8C1}" = Google Chrome
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = SetPoint
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Digital Editions" = Adobe Digital Editions
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel® PROSet/Wireless Software
"Revo Uninstaller" = Revo Uninstaller 1.94
"Secunia PSI" = Secunia PSI (3.0.0.2004)
"SynTPDeinstKey" = Dell Touchpad

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-644690034-744750335-1808933152-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bd4d3a0508d364f5" = Dell Driver Download Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2012 5:03:51 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5013716

Error - 3/24/2012 5:03:52 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/24/2012 5:03:52 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5014761

Error - 3/24/2012 5:03:52 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5014761

Error - 3/24/2012 5:03:53 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/24/2012 5:03:53 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5015775

Error - 3/24/2012 5:03:53 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5015775

Error - 3/24/2012 5:03:54 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/24/2012 5:03:54 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5016836

Error - 3/24/2012 5:03:54 AM | Computer Name = Yaya-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5016836

[ Media Center Events ]
Error - 10/4/2008 4:05:20 AM | Computer Name = Yaya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2008 2:58:13 AM | Computer Name = Yaya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/30/2009 10:38:23 PM | Computer Name = Yaya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/3/2009 9:59:32 PM | Computer Name = Yaya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/11/2009 10:28:24 PM | Computer Name = Yaya-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 5/1/2011 4:26:04 AM | Computer Name = Yaya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/15/2011 1:44:53 AM | Computer Name = Yaya-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/25/2013 2:51:50 AM | Computer Name = Yaya-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.10 for the Network Card with network
address 001F3BBA8053 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 1/25/2013 3:22:04 AM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/25/2013 3:25:19 AM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 1/25/2013 3:26:07 AM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/25/2013 3:32:19 AM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/25/2013 3:36:29 AM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 1/26/2013 8:05:33 PM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 1/26/2013 8:09:55 PM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 1/28/2013 8:43:58 PM | Computer Name = Yaya-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.10 for the Network Card with network
address 001F3BBA8053 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 1/30/2013 12:03:04 AM | Computer Name = Yaya-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Edited by Deeply_confused, 30 January 2013 - 01:40 AM.




