Possible browser redirect and maybe a rootkit?


43 replies to this topic

#1 DeanEx


Posted 01 July 2013 - 11:45 PM

Hi -

 

I think I might be a victim of a browser hijack or possibly a rootkit.  I'm using Firefox 21.0 & Windows 7 Service Pack 1 x64

 

I've been a little paranoid lately because my Discover ID Theft Alert service notified me Friday that a new loan was opened in my name and reported on my credit history.  I'm still working on that problem, but on to my computer issue:

 

I had to enroll in a new 401K plan last Saturday which required registering in their website.  I typed the address into the Firefox address bar and pressed enter.  Instead of going to the 401K's website, I ended up at onlinefwd.com with a blank webpage.  I got REALLY suspicious.  Google search showed multiple hits regarding a browser redirect virus called onlinefwd.com.  OK, now I'm worried.

 

I typed in the 401k address again and it worked - it was the legitimate site - but I didn't register of course.  I wanted to see if I could reproduce onlinefwd.com showing up.  No luck.

 

I deleted the firefox history to clear the address cache and retyped the 401K URL.  No issues - went to the real website.

 

Still suspicious, I did a full scan of my hard drive with MSE and Malwarebytes (fully updated).  No issues detected.

 

Now it gets interesting:

 

Before finding this website, my research found the usual suggestions for finding possible malware.  One of which was checking Firefox add-ons.  Apparently, I installed a plugin called optimizegoogle a long time ago, but I can't remember.  I did notice that the colors of the Google search results page looked slightly different.  Also, the optimizegoogle project was killed last April. http://sourceforge.net/projects/optimizegoogle/

 

In the add-on manager you can view the details of the plugin, which includes a hyperlink to the website of the creators.  For the heck of it, I clicked on it.  Instead of going to www.optimizegoogle.com, I was redirected to www.dntx.com then immediately to searchtermresults.com, also with a blank webpage just like onlinefwd.com.

 

[Edit:  deleted the links because I don't want readers to click them]

 

And guess what?  searchtermresults.com is another browser hijacker... Now I'm REALLY worried.

 

I went ahead and removed the plugin.  The google search results look normal.

 

I checked my hosts file, which had one entry: a redirect to a Romanian server if I used www.bing.com.  The file was modified in 2012.  I don't use Bing.  But still, something wrote that there.  Actually, Google searching the IP address 94.63.147.17 found more hits of Google search redirects and malware....

 

I came across this website and saw lots of similarities to my problem and my paranoia grew further as I learned about rootkits.  So, with the possibility that my identity was stolen and getting a re-direct when I tried to access my 401K website, I REALLY would like someone to walk me through this step by step to make sure there is nothing wrong with my machine.  I do a lot of banking and bill paying on it and bills are due.  I'll reinstall the OS if I have to, but that is moot if my external HD is infected too...

 

Is there someone that can help me out?

 

Thanks,

Dean


Edited by DeanEx, 01 July 2013 - 11:53 PM.
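
The hosts-file check described in the post above, as an added example that is not part of the original thread: a Python audit that parses hosts-file text and flags every entry mapping a name to a non-loopback address. The sample file is constructed; only the www.bing.com / 94.63.147.17 pairing comes from the post, and the names `audit_hosts`, `Finding` and `default_hosts_path` are hypothetical.

```python
import ipaddress
import os
from dataclasses import dataclass

# Constructed sample, not the poster's actual file. Line 8 reproduces the one
# entry the post describes (www.bing.com pointed at 94.63.147.17); every other
# line is invented here for contrast.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1       localhost
0.0.0.0         ads.example.net      # sinkhole entry from a blocklist
192.168.1.20    nas.home.example     # LAN device
94.63.147.17    www.bing.com
not-an-ip       broken.example
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    severity: str      # "high", "review" or "malformed"
    address: str
    hostnames: tuple
    reason: str


def default_hosts_path():
    """Location of the hosts file on Windows (SystemRoot is normally C:\\Windows)."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "System32", "drivers", "etc", "hosts")


def audit_hosts(text):
    """Return a Finding for every hosts entry that overrides DNS for a name.

    Loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) targets are
    treated as benign: they are the stock localhost line or blocklist
    sinkholes. Anything else sends the listed names to another machine.
    """
    findings = []
    # A hosts file saved by some Windows editors starts with a UTF-8 BOM.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        address = fields[0]
        names = tuple(name.lower() for name in fields[1:])
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(line_no, "malformed", address, names,
                                    "first field is not an IP address"))
            continue
        if not names:
            findings.append(Finding(line_no, "malformed", address, names,
                                    "address with no hostname"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        if ip.is_private or ip.is_link_local:
            findings.append(Finding(line_no, "review", address, names,
                                    "name pinned to a local-network address"))
        else:
            findings.append(Finding(line_no, "high", address, names,
                                    "name redirected to a public address"))
    return findings


if __name__ == "__main__":
    path = default_hosts_path()
    if os.path.isfile(path):
        with open(path, encoding="utf-8-sig", errors="replace") as handle:
            content = handle.read()
    else:
        content = SAMPLE_HOSTS   # not on Windows: fall back to the sample
    for item in audit_hosts(content):
        print(f"line {item.line_no}: [{item.severity}] {item.address} -> "
              f"{' '.join(item.hostnames)} ({item.reason})")
```

A "high" finding for a site you never configured is worth recording, along with the file's modification time, before the entry is removed.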



 


#2 noknojon


Posted 02 July 2013 - 02:15 AM

Hello DeanEx  and Welcome -

Step 1: Download Security Check by Screen317 from HERE
* Save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

Step 2: Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them.
NOTE: You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/10/

Double-click on the Rkill desktop icon to run the tool.

  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from safe mode.
When the scan is done Notepad will open with rKill log.
Post it in your next reply.
NOTE. rKill.txt log will also be present on your desktop.
 

 

Step 3: Scan your machine with ESET OnlineScan
1. Hold down Control and click HERE to open ESET OnlineScan in a new window.
2. Click the ESET Online Scanner button.
3. NOTE: For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   - 1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
   - 2. Double click on the ESET Online Scanner icon on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
   - Scan potentially unwanted applications
   - Scan for potentially unsafe applications
   - Enable Anti-Stealth technology
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time to download the program for a first time, and then download updated data base (1 to 2 hours is not unusual)
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
   - Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button

 

 

Step 4: Download Malwarebytes' Anti-Malware Free (aka MBAM)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Be sure to reboot the computer after you post the log.

 

 

 

Step 5: Download SUPERAntiSpyware Free (aka SAS)
* Double-click SAS -setup.exe and follow the prompts to install the program.
* At the end, be sure to Check for Updates to be sure it is current
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to reboot the computer after you post the log.

NOTE : A second scan of SUPERAntiSpyware is often required.

 

 

Thank You -



#3 DeanEx


Posted 02 July 2013 - 04:38 PM

Hi noknojon -

 

Thanks for your reply.  Results as follows:

 

1)  SecurityCheck checkup.txt:

Results of screen317's Security Check version 0.99.68  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 22  
 Java 7 Update 25  
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.116  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



2) Rkill results:

 

Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 07/02/2013 08:28:55 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe (PID: 3472) [WD-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe (PID: 3744) [WD-HEUR]
 * C:\Users\Dean\Local Settings\Apps\F.lux\flux.exe (PID: 3812) [UP-HEUR]
 * C:\Users\Dean\Desktop\SecurityCheck.exe (PID: 2972) [UP-HEUR]

4 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\Dean\Desktop\rkill\rkill-07-02-2013-08-29-01.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 07/02/2013 08:29:36 AM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)



#4 DeanEx


Posted 02 July 2013 - 07:39 PM

3) ESET results.  Found a couple.

 

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe    a variant of Win32/HiddenStart.A application    cleaned by deleting - quarantined

 



#5 noknojon


Posted 02 July 2013 - 08:02 PM

After MBAM and SAS tools, please run this -

 

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
• If TDSSKiller does not run, try renaming it.
• To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
• Click the Start Scan button.
Do not use the computer during the scan.
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
• Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
• Copy and paste the contents of that file in your next reply.

 

Thanks -


Edited by noknojon, 02 July 2013 - 08:06 PM.


#6 DeanEx


Posted 02 July 2013 - 08:54 PM

4) I already have MBAM.  I updated the database and ran a full scan:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.03.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Dean :: DEANLAPTOP [administrator]

7/2/2013 8:41:51 PM
mbam-log-2013-07-02 (20-41-51).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 506872
Time elapsed: 1 hour(s), 9 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

moving on to SAS...



#7 DeanEx


Posted 02 July 2013 - 09:36 PM

5) SAS Results.  SAS asked me to reboot, so I did then ran it again.  The 1st scan found a few things, but mostly tracking cookies.  The 2nd scan found nothing. 

 

Log from 1st scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2013 at 10:14 PM

Application Version : 5.6.1020

Core Rules Database Version : 10582
Trace Rules Database Version: 8394

Scan type       : Quick Scan
Total Scan Time : 00:06:59

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 711
Memory threats detected   : 0
Registry items scanned    : 60160
Registry threats detected : 2
File items scanned        : 11180
File threats detected     : 219

Malware.Trace
    (x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#dplaysvr [ C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe ]
    (x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#dplaysvr [ C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe ]

Adware.Tracking Cookie
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .invitemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .casalemedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .media6degrees.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .lucidmedia.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .zedo.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    ad.yieldmanager.com [ C:\USERS\DEAN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
 

Log from 2nd scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/02/2013 at 10:30 PM

Application Version : 5.6.1020

Core Rules Database Version : 10582
Trace Rules Database Version: 8394

Scan type       : Quick Scan
Total Scan Time : 00:06:28

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 699
Memory threats detected   : 0
Registry items scanned    : 60172
Registry threats detected : 0
File items scanned        : 11181
File threats detected     : 0

 

 

On to TDSS...



#8 DeanEx


Posted 02 July 2013 - 09:48 PM

Ran TDSS.   Nothing was found:

 

22:39:24.0080 8168  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
22:39:24.0626 8168  ============================================================
22:39:24.0626 8168  Current date / time: 2013/07/02 22:39:24.0626
22:39:24.0626 8168  SystemInfo:
22:39:24.0626 8168  
22:39:24.0626 8168  OS Version: 6.1.7601 ServicePack: 1.0
22:39:24.0626 8168  Product type: Workstation
22:39:24.0626 8168  ComputerName: DEANLAPTOP
22:39:24.0626 8168  UserName: Dean
22:39:24.0626 8168  Windows directory: C:\Windows
22:39:24.0626 8168  System windows directory: C:\Windows
22:39:24.0626 8168  Running under WOW64
22:39:24.0626 8168  Processor architecture: Intel x64
22:39:24.0626 8168  Number of processors: 4
22:39:24.0626 8168  Page size: 0x1000
22:39:24.0626 8168  Boot type: Normal boot
22:39:24.0626 8168  ============================================================
22:39:26.0545 8168  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:39:26.0545 8168  ============================================================
22:39:26.0545 8168  \Device\Harddisk0\DR0:
22:39:26.0545 8168  MBR partitions:
22:39:26.0545 8168  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
22:39:26.0545 8168  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
22:39:26.0545 8168  ============================================================
22:39:26.0561 8168  C: <-> \Device\Harddisk0\DR0\Partition2
22:39:26.0561 8168  ============================================================
22:39:26.0561 8168  Initialize success
22:39:26.0561 8168  ============================================================
22:39:46.0373 0824  ============================================================
22:39:46.0373 0824  Scan started
22:39:46.0373 0824  Mode: Manual;
22:39:46.0373 0824  ============================================================
22:39:46.0622 0824  ================ Scan system memory ========================
22:39:46.0622 0824  System memory - ok
22:39:46.0622 0824  ================ Scan services =============================
22:39:54.0937 0824  mrxsmb20 - ok
22:39:54.0968 0824  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:39:54.0968 0824  msahci - ok
22:39:55.0000 0824  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:39:55.0000 0824  msdsm - ok
22:39:55.0015 0824  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
22:39:55.0031 0824  MSDTC - ok
22:39:55.0062 0824  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:39:55.0062 0824  Msfs - ok
22:39:55.0078 0824  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
22:39:55.0078 0824  mshidkmdf - ok
22:39:55.0109 0824  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:39:55.0109 0824  msisadrv - ok
22:39:55.0156 0824  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:39:55.0156 0824  MSiSCSI - ok
22:39:55.0171 0824  msiserver - ok
22:39:55.0187 0824  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:39:55.0187 0824  MSKSSRV - ok
22:39:55.0265 0824  [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:39:55.0265 0824  MsMpSvc - ok
22:39:55.0296 0824  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:55.0312 0824  MSPCLOCK - ok
22:39:55.0327 0824  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:39:55.0327 0824  MSPQM - ok
22:39:55.0358 0824  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:39:55.0374 0824  MsRPC - ok
22:39:55.0405 0824  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
22:39:55.0405 0824  mssmbios - ok
22:39:55.0421 0824  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:39:55.0421 0824  MSTEE - ok
22:39:55.0436 0824  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
22:39:55.0436 0824  MTConfig - ok
22:39:55.0452 0824  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:39:55.0452 0824  Mup - ok
22:39:55.0468 0824  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
22:39:55.0483 0824  napagent - ok
22:39:55.0514 0824  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:39:55.0514 0824  NativeWifiP - ok
22:39:55.0577 0824  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:39:55.0592 0824  NDIS - ok
22:39:55.0624 0824  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
22:39:55.0624 0824  NdisCap - ok
22:39:55.0639 0824  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:55.0639 0824  NdisTapi - ok
22:39:55.0670 0824  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:55.0670 0824  Ndisuio - ok
22:39:55.0717 0824  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:55.0717 0824  NdisWan - ok
22:39:55.0764 0824  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:39:55.0764 0824  NDProxy - ok
22:39:55.0795 0824  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:39:55.0795 0824  NetBIOS - ok
22:39:55.0826 0824  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
22:39:55.0826 0824  NetBT - ok
22:39:55.0842 0824  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
22:39:55.0842 0824  Netlogon - ok
22:39:55.0873 0824  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
22:39:55.0889 0824  Netman - ok
22:39:55.0920 0824  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
22:39:55.0936 0824  netprofm - ok
22:39:55.0967 0824  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:39:55.0967 0824  NetTcpPortSharing - ok
22:39:55.0982 0824  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
22:39:55.0982 0824  nfrd960 - ok
22:39:56.0045 0824  [ 162100E0BC8377710F9D170631921C03 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:39:56.0060 0824  NisDrv - ok
22:39:56.0092 0824  [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
22:39:56.0107 0824  NisSrv - ok
22:39:56.0138 0824  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:39:56.0154 0824  NlaSvc - ok
22:39:56.0154 0824  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:39:56.0170 0824  Npfs - ok
22:39:56.0201 0824  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
22:39:56.0201 0824  nsi - ok
22:39:56.0216 0824  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:39:56.0216 0824  nsiproxy - ok
22:39:56.0279 0824  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:39:56.0310 0824  Ntfs - ok
22:39:56.0341 0824  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
22:39:56.0341 0824  Null - ok
22:39:56.0372 0824  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:39:56.0388 0824  nvraid - ok
22:39:56.0404 0824  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:39:56.0404 0824  nvstor - ok
22:39:56.0435 0824  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:39:56.0435 0824  nv_agp - ok
22:39:56.0466 0824  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
22:39:56.0466 0824  ohci1394 - ok
22:39:56.0497 0824  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:56.0513 0824  ose - ok
22:39:56.0684 0824  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:39:56.0794 0824  osppsvc - ok
22:39:56.0825 0824  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
22:39:56.0840 0824  p2pimsvc - ok
22:39:56.0856 0824  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:39:56.0856 0824  p2psvc - ok
22:39:56.0903 0824  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
22:39:56.0903 0824  Parport - ok
22:39:56.0934 0824  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:39:56.0934 0824  partmgr - ok
22:39:56.0950 0824  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:39:56.0965 0824  PcaSvc - ok
22:39:57.0043 0824  [ 4B5F5774FF1C577B9515FDD2B5C535C5 ] PCDSRVC{D3412D80-CF3B4A27-06020200}_0 c:\program files\my dell\pcdsrvc_x64.pkms
22:39:57.0106 0824  PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - ok
22:39:57.0152 0824  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
22:39:57.0152 0824  pci - ok
22:39:57.0184 0824  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
22:39:57.0184 0824  pciide - ok
22:39:57.0215 0824  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
22:39:57.0215 0824  pcmcia - ok
22:39:57.0246 0824  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
22:39:57.0246 0824  pcw - ok
22:39:57.0277 0824  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:39:57.0277 0824  PEAUTH - ok
22:39:57.0386 0824  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
22:39:57.0386 0824  PerfHost - ok
22:39:57.0464 0824  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
22:39:57.0511 0824  pla - ok
22:39:57.0558 0824  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:39:57.0574 0824  PlugPlay - ok
22:39:57.0605 0824  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
22:39:57.0605 0824  PNRPAutoReg - ok
22:39:57.0620 0824  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
22:39:57.0636 0824  PNRPsvc - ok
22:39:57.0652 0824  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:39:57.0667 0824  PolicyAgent - ok
22:39:57.0714 0824  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
22:39:57.0714 0824  Power - ok
22:39:57.0761 0824  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:39:57.0761 0824  PptpMiniport - ok
22:39:57.0776 0824  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
22:39:57.0776 0824  Processor - ok
22:39:57.0823 0824  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:39:57.0823 0824  ProfSvc - ok
22:39:57.0839 0824  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:39:57.0839 0824  ProtectedStorage - ok
22:39:57.0870 0824  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
22:39:57.0870 0824  Psched - ok
22:39:57.0901 0824  [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
22:39:57.0901 0824  PxHlpa64 - ok
22:39:57.0964 0824  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
22:39:57.0995 0824  ql2300 - ok
22:39:58.0010 0824  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
22:39:58.0010 0824  ql40xx - ok
22:39:58.0042 0824  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
22:39:58.0042 0824  QWAVE - ok
22:39:58.0057 0824  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:39:58.0057 0824  QWAVEdrv - ok
22:39:58.0073 0824  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:39:58.0073 0824  RasAcd - ok
22:39:58.0120 0824  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
22:39:58.0120 0824  RasAgileVpn - ok
22:39:58.0135 0824  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
22:39:58.0151 0824  RasAuto - ok
22:39:58.0182 0824  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:58.0182 0824  Rasl2tp - ok
22:39:58.0229 0824  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
22:39:58.0244 0824  RasMan - ok
22:39:58.0260 0824  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:39:58.0260 0824  RasPppoe - ok
22:39:58.0276 0824  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:39:58.0276 0824  RasSstp - ok
22:39:58.0322 0824  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:39:58.0322 0824  rdbss - ok
22:39:58.0338 0824  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
22:39:58.0338 0824  rdpbus - ok
22:39:58.0369 0824  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:39:58.0369 0824  RDPCDD - ok
22:39:58.0385 0824  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:39:58.0385 0824  RDPENCDD - ok
22:39:58.0400 0824  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
22:39:58.0400 0824  RDPREFMP - ok
22:39:58.0432 0824  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:39:58.0432 0824  RDPWD - ok
22:39:58.0478 0824  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
22:39:58.0478 0824  rdyboost - ok
22:39:58.0510 0824  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:39:58.0525 0824  RemoteAccess - ok
22:39:58.0556 0824  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:39:58.0556 0824  RemoteRegistry - ok
22:39:58.0588 0824  [ 6FAF5B04BEDC66D300D9D233B2D222F0 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
22:39:58.0588 0824  rimmptsk - ok
22:39:58.0619 0824  [ E20B1907FC72A3664ECE21E3C20FC63D ] rimspci         C:\Windows\system32\DRIVERS\rimspe64.sys
22:39:58.0619 0824  rimspci - ok
22:39:58.0634 0824  [ 67F50C31713106FD1B0F286F86AA2B2E ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
22:39:58.0634 0824  rimsptsk - ok
22:39:58.0650 0824  [ A6DA2B0C8F5BB3F9F5423CFF8D6A02D9 ] risdpcie        C:\Windows\system32\DRIVERS\risdpe64.sys
22:39:58.0650 0824  risdpcie - ok
22:39:58.0666 0824  [ 4D7EF3D46346EC4C58784DB964B365DE ] rismxdp         C:\Windows\system32\DRIVERS\rixdpx64.sys
22:39:58.0666 0824  rismxdp - ok
22:39:58.0681 0824  [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie        C:\Windows\system32\DRIVERS\rixdpe64.sys
22:39:58.0681 0824  rixdpcie - ok
22:39:58.0697 0824  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
22:39:58.0697 0824  RpcEptMapper - ok
22:39:58.0728 0824  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
22:39:58.0728 0824  RpcLocator - ok
22:39:58.0775 0824  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
22:39:58.0775 0824  RpcSs - ok
22:39:58.0822 0824  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:39:58.0822 0824  rspndr - ok
22:39:58.0853 0824  [ 4B42BC58294E83A6A92EC8B88C14C4A3 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
22:39:58.0853 0824  RTL8167 - ok
22:39:58.0868 0824  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
22:39:58.0868 0824  SamSs - ok
22:39:58.0931 0824  [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
22:39:58.0931 0824  SASDIFSV - ok
22:39:58.0962 0824  [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
22:39:58.0962 0824  SASKUTIL - ok
22:39:59.0009 0824  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:39:59.0009 0824  sbp2port - ok
22:39:59.0056 0824  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:39:59.0056 0824  SCardSvr - ok
22:39:59.0087 0824  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
22:39:59.0087 0824  scfilter - ok
22:39:59.0149 0824  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
22:39:59.0180 0824  Schedule - ok
22:39:59.0212 0824  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:39:59.0212 0824  SCPolicySvc - ok
22:39:59.0227 0824  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:39:59.0243 0824  SDRSVC - ok
22:39:59.0321 0824  [ 16A252022535B680046F6E34E136D378 ] SeaPort         C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:39:59.0321 0824  SeaPort - ok
22:39:59.0368 0824  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:39:59.0368 0824  secdrv - ok
22:39:59.0414 0824  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
22:39:59.0414 0824  seclogon - ok
22:39:59.0446 0824  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
22:39:59.0461 0824  SENS - ok
22:39:59.0461 0824  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
22:39:59.0461 0824  SensrSvc - ok
22:39:59.0492 0824  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
22:39:59.0492 0824  Serenum - ok
22:39:59.0586 0824  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
22:39:59.0586 0824  Serial - ok
22:39:59.0633 0824  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
22:39:59.0633 0824  sermouse - ok
22:39:59.0695 0824  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
22:39:59.0711 0824  SessionEnv - ok
22:39:59.0742 0824  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
22:39:59.0742 0824  sffdisk - ok
22:39:59.0742 0824  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
22:39:59.0742 0824  sffp_mmc - ok
22:39:59.0758 0824  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
22:39:59.0758 0824  sffp_sd - ok
22:39:59.0773 0824  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
22:39:59.0773 0824  sfloppy - ok
22:39:59.0836 0824  [ 74EC60E20516AAA573BE74F31175270F ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
22:39:59.0898 0824  SftService - ok
22:39:59.0945 0824  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
22:39:59.0960 0824  SharedAccess - ok
22:40:00.0007 0824  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:40:00.0007 0824  ShellHWDetection - ok
22:40:00.0038 0824  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:40:00.0038 0824  SiSRaid2 - ok
22:40:00.0054 0824  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
22:40:00.0054 0824  SiSRaid4 - ok
22:40:00.0085 0824  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
22:40:00.0085 0824  Smb - ok
22:40:00.0132 0824  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
22:40:00.0148 0824  SNMPTRAP - ok
22:40:00.0148 0824  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
22:40:00.0148 0824  spldr - ok
22:40:00.0210 0824  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
22:40:00.0226 0824  Spooler - ok
22:40:00.0335 0824  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
22:40:00.0413 0824  sppsvc - ok
22:40:00.0444 0824  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
22:40:00.0444 0824  sppuinotify - ok
22:40:00.0475 0824  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
22:40:00.0491 0824  srv - ok
22:40:00.0506 0824  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
22:40:00.0506 0824  srv2 - ok
22:40:00.0538 0824  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
22:40:00.0538 0824  srvnet - ok
22:40:00.0569 0824  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
22:40:00.0569 0824  SSDPSRV - ok
22:40:00.0584 0824  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
22:40:00.0600 0824  SstpSvc - ok
22:40:00.0709 0824  [ DA7702025DFD169B909C4DA3126762CC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
22:40:00.0725 0824  STacSV - ok
22:40:00.0756 0824  [ C48E0745D33897C7A73394214F2B9B4F ] stdflt          C:\Windows\system32\DRIVERS\stdflt.sys
22:40:00.0756 0824  stdflt - ok
22:40:00.0787 0824  Steam Client Service - ok
22:40:00.0818 0824  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
22:40:00.0818 0824  stexstor - ok
22:40:00.0881 0824  [ CAF5A9708671B14B9670260735B22C4E ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
22:40:00.0881 0824  STHDA - ok
22:40:00.0928 0824  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
22:40:00.0943 0824  stisvc - ok
22:40:00.0974 0824  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
22:40:00.0974 0824  swenum - ok
22:40:01.0021 0824  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
22:40:01.0037 0824  swprv - ok
22:40:01.0068 0824  [ 639B57DC871BE4B86283027FAF1F4E30 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
22:40:01.0084 0824  SynTP - ok
22:40:01.0146 0824  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
22:40:01.0208 0824  SysMain - ok
22:40:01.0240 0824  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:40:01.0240 0824  TabletInputService - ok
22:40:01.0286 0824  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
22:40:01.0286 0824  TapiSrv - ok
22:40:01.0318 0824  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
22:40:01.0318 0824  TBS - ok
22:40:01.0380 0824  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
22:40:01.0396 0824  Tcpip - ok
22:40:01.0458 0824  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
22:40:01.0474 0824  TCPIP6 - ok
22:40:01.0520 0824  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
22:40:01.0520 0824  tcpipreg - ok
22:40:01.0552 0824  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
22:40:01.0552 0824  TDPIPE - ok
22:40:01.0583 0824  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
22:40:01.0583 0824  TDTCP - ok
22:40:01.0630 0824  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
22:40:01.0630 0824  tdx - ok
22:40:01.0661 0824  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
22:40:01.0661 0824  TermDD - ok
22:40:01.0692 0824  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
22:40:01.0708 0824  TermService - ok
22:40:01.0754 0824  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
22:40:01.0754 0824  Themes - ok
22:40:01.0786 0824  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
22:40:01.0801 0824  THREADORDER - ok
22:40:01.0817 0824  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
22:40:01.0817 0824  TrkWks - ok
22:40:01.0864 0824  [ 8DE922CD4FEA6F83B10805DF965B9A08 ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
22:40:01.0864 0824  truecrypt - ok
22:40:01.0942 0824  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:40:01.0942 0824  TrustedInstaller - ok
22:40:01.0973 0824  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
22:40:01.0973 0824  tssecsrv - ok
22:40:02.0020 0824  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
22:40:02.0020 0824  TsUsbFlt - ok
22:40:02.0082 0824  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
22:40:02.0082 0824  tunnel - ok
22:40:02.0113 0824  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
22:40:02.0113 0824  uagp35 - ok
22:40:02.0129 0824  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
22:40:02.0144 0824  udfs - ok
22:40:02.0176 0824  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
22:40:02.0176 0824  UI0Detect - ok
22:40:02.0207 0824  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
22:40:02.0207 0824  uliagpkx - ok
22:40:02.0238 0824  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
22:40:02.0238 0824  umbus - ok
22:40:02.0269 0824  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
22:40:02.0269 0824  UmPass - ok
22:40:02.0347 0824  [ 765F2DD351BA064F657751D8D75E58C0 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
22:40:02.0410 0824  UNS - ok
22:40:02.0456 0824  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
22:40:02.0456 0824  upnphost - ok
22:40:02.0503 0824  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
22:40:02.0503 0824  USBAAPL64 - ok
22:40:02.0566 0824  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
22:40:02.0566 0824  usbaudio - ok
22:40:02.0597 0824  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
22:40:02.0597 0824  usbccgp - ok
22:40:02.0644 0824  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
22:40:02.0644 0824  usbcir - ok
22:40:02.0659 0824  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
22:40:02.0659 0824  usbehci - ok
22:40:02.0675 0824  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
22:40:02.0675 0824  usbhub - ok
22:40:02.0690 0824  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
22:40:02.0690 0824  usbohci - ok
22:40:02.0737 0824  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
22:40:02.0737 0824  usbprint - ok
22:40:02.0768 0824  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
22:40:02.0768 0824  usbscan - ok
22:40:02.0800 0824  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:40:02.0800 0824  USBSTOR - ok
22:40:02.0800 0824  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
22:40:02.0800 0824  usbuhci - ok
22:40:02.0831 0824  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
22:40:02.0831 0824  usbvideo - ok
22:40:02.0862 0824  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
22:40:02.0862 0824  UxSms - ok
22:40:02.0878 0824  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
22:40:02.0878 0824  VaultSvc - ok
22:40:02.0893 0824  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
22:40:02.0893 0824  vdrvroot - ok
22:40:02.0940 0824  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
22:40:02.0956 0824  vds - ok
22:40:02.0987 0824  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
22:40:02.0987 0824  vga - ok
22:40:03.0002 0824  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
22:40:03.0002 0824  VgaSave - ok
22:40:03.0034 0824  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
22:40:03.0034 0824  vhdmp - ok
22:40:03.0049 0824  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
22:40:03.0049 0824  viaide - ok
22:40:03.0065 0824  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
22:40:03.0065 0824  volmgr - ok
22:40:03.0112 0824  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
22:40:03.0112 0824  volmgrx - ok
22:40:03.0127 0824  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
22:40:03.0127 0824  volsnap - ok
22:40:03.0158 0824  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
22:40:03.0158 0824  vsmraid - ok
22:40:03.0221 0824  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
22:40:03.0283 0824  VSS - ok
22:40:03.0299 0824  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
22:40:03.0299 0824  vwifibus - ok
22:40:03.0314 0824  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
22:40:03.0330 0824  vwififlt - ok
22:40:03.0377 0824  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
22:40:03.0377 0824  vwifimp - ok
22:40:03.0455 0824  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
22:40:03.0470 0824  W32Time - ok
22:40:03.0502 0824  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
22:40:03.0502 0824  WacomPen - ok
22:40:03.0564 0824  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
22:40:03.0564 0824  WANARP - ok
22:40:03.0564 0824  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
22:40:03.0564 0824  Wanarpv6 - ok
22:40:03.0642 0824  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
22:40:03.0658 0824  WatAdminSvc - ok
22:40:03.0736 0824  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
22:40:03.0782 0824  wbengine - ok
22:40:03.0814 0824  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
22:40:03.0829 0824  WbioSrvc - ok
22:40:03.0845 0824  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
22:40:03.0860 0824  wcncsvc - ok
22:40:03.0876 0824  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:40:03.0876 0824  WcsPlugInService - ok
22:40:03.0907 0824  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
22:40:03.0907 0824  Wd - ok
22:40:03.0954 0824  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
22:40:03.0954 0824  Wdf01000 - ok
22:40:03.0985 0824  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
22:40:03.0985 0824  WdiServiceHost - ok
22:40:03.0985 0824  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
22:40:03.0985 0824  WdiSystemHost - ok
22:40:04.0032 0824  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
22:40:04.0032 0824  WebClient - ok
22:40:04.0048 0824  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
22:40:04.0048 0824  Wecsvc - ok
22:40:04.0063 0824  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
22:40:04.0063 0824  wercplsupport - ok
22:40:04.0094 0824  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
22:40:04.0094 0824  WerSvc - ok
22:40:04.0126 0824  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
22:40:04.0126 0824  WfpLwf - ok
22:40:04.0157 0824  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
22:40:04.0157 0824  WimFltr - ok
22:40:04.0172 0824  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
22:40:04.0172 0824  WIMMount - ok
22:40:04.0188 0824  WinDefend - ok
22:40:04.0188 0824  WinHttpAutoProxySvc - ok
22:40:04.0266 0824  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
22:40:04.0282 0824  Winmgmt - ok
22:40:04.0344 0824  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
22:40:04.0422 0824  WinRM - ok
22:40:04.0547 0824  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
22:40:04.0547 0824  WinUsb - ok
22:40:04.0609 0824  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
22:40:04.0640 0824  Wlansvc - ok
22:40:04.0781 0824  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:40:04.0874 0824  wlidsvc - ok
22:40:04.0890 0824  [ A96D6C0613DCF84F2D07FAEB75663072 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
22:40:04.0906 0824  wltrysvc - ok
22:40:04.0937 0824  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
22:40:04.0937 0824  WmiAcpi - ok
22:40:04.0984 0824  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
22:40:04.0984 0824  wmiApSrv - ok
22:40:04.0999 0824  WMPNetworkSvc - ok
22:40:05.0015 0824  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
22:40:05.0015 0824  WPCSvc - ok
22:40:05.0030 0824  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
22:40:05.0046 0824  WPDBusEnum - ok
22:40:05.0062 0824  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
22:40:05.0062 0824  ws2ifsl - ok
22:40:05.0077 0824  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
22:40:05.0093 0824  wscsvc - ok
22:40:05.0093 0824  WSearch - ok
22:40:05.0171 0824  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
22:40:05.0218 0824  wuauserv - ok
22:40:05.0249 0824  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
22:40:05.0249 0824  WudfPf - ok
22:40:05.0296 0824  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
22:40:05.0296 0824  WUDFRd - ok
22:40:05.0327 0824  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
22:40:05.0327 0824  wudfsvc - ok
22:40:05.0374 0824  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
22:40:05.0374 0824  WwanSvc - ok
22:40:05.0405 0824  ================ Scan global ===============================
22:40:05.0436 0824  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:40:05.0467 0824  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:40:05.0483 0824  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:40:05.0514 0824  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:40:05.0530 0824  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:40:05.0545 0824  [Global] - ok
22:40:05.0545 0824  ================ Scan MBR ==================================
22:40:05.0561 0824  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
22:40:05.0873 0824  \Device\Harddisk0\DR0 - ok
22:40:05.0873 0824  ================ Scan VBR ==================================
22:40:05.0873 0824  [ 3D9D29FB97DC3555F5C5013EE94D2649 ] \Device\Harddisk0\DR0\Partition1
22:40:05.0873 0824  \Device\Harddisk0\DR0\Partition1 - ok
22:40:05.0904 0824  [ A883389ABD1C5C98901FD0BDC4FD521F ] \Device\Harddisk0\DR0\Partition2
22:40:05.0904 0824  \Device\Harddisk0\DR0\Partition2 - ok
22:40:05.0904 0824  ============================================================
22:40:05.0904 0824  Scan finished
22:40:05.0904 0824  ============================================================
22:40:05.0920 0712  Detected object count: 0
22:40:05.0920 0712  Actual detected object count: 0
 

I noticed under "change parameters" that loaded modules and detect TDLFS file systems were unchecked.  Moderators in other threads recommended checking that.  Should I check those and try again?

 

Thanks for your help so far.



#9 noknojon

Posted 02 July 2013 - 11:45 PM

>> I noticed under "change parameters" that loaded modules and detect TDLFS file systems were unchecked.  Moderators in other threads recommended checking that.  Should I check those and try again? <<

Good pick up - Yes please rescan and see if there are other results.

 

 

Registry threats detected : 2  Malware.Trace
    (x86) HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#dplaysvr [ C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe ]
    (x86) HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#dplaysvr [ C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe ]
<< From your SAS scan these 2 items are infections, but I hope they are now removed

 

Please also post a MiniToolBox for me -

Please download MiniToolBox, Save it to your desktop and run it.
Close any Firefox browsers you may have open to reset Firefox settings -
Checkmark the following boxes:
•Flush DNS
•Report IE Proxy Settings
•Reset IE Proxy Settings
•Report FF Proxy Settings
•Reset FF Proxy Settings
•List content of Hosts
•List last 10 Event Viewer log
•List Installed Programs
 Click Go and copy / paste the result (Result.txt).

 

 

Thanks -



#10 DeanEx

Posted 03 July 2013 - 06:19 AM

noknojon -

Let's slow down a sec.

TDSSKiller found 1 threat under TDSS File System.  Your instructions say to select "cure", but there is no cure option.  See below.

 

3TWzAT5.png

 

Please advise.

 

- Dean



#11 noknojon

Posted 03 July 2013 - 06:29 AM

Select SKIP and continue with the scan -

Once you post the log I can review the items found

 

Thanks -



#12 DeanEx

Posted 03 July 2013 - 06:50 AM

OK, selected skip.

 

Tried to post the log but error message came up post_too_long.

 

I trimmed the log down - everything <snipped> was listed as OK.   Curious about the MBR results.

 

06:53:19.0741 4432  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
06:53:20.0147 4432  ============================================================
06:53:20.0147 4432  Current date / time: 2013/07/03 06:53:20.0147
06:53:20.0147 4432  SystemInfo:
06:53:20.0147 4432  
06:53:20.0147 4432  OS Version: 6.1.7601 ServicePack: 1.0
06:53:20.0147 4432  Product type: Workstation
06:53:20.0147 4432  ComputerName: DEANLAPTOP
06:53:20.0147 4432  UserName: Dean
06:53:20.0147 4432  Windows directory: C:\Windows
06:53:20.0147 4432  System windows directory: C:\Windows
06:53:20.0147 4432  Running under WOW64
06:53:20.0147 4432  Processor architecture: Intel x64
06:53:20.0147 4432  Number of processors: 4
06:53:20.0147 4432  Page size: 0x1000
06:53:20.0147 4432  Boot type: Normal boot
06:53:20.0147 4432  ============================================================
06:53:20.0147 4432  BG loaded
06:53:21.0410 4432  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
06:53:21.0426 4432  ============================================================
06:53:21.0426 4432  \Device\Harddisk0\DR0:
06:53:21.0426 4432  MBR partitions:
06:53:21.0426 4432  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
06:53:21.0426 4432  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B
06:53:21.0426 4432  ============================================================
06:53:21.0660 4432  C: <-> \Device\Harddisk0\DR0\Partition2
06:53:21.0660 4432  ============================================================
06:53:21.0660 4432  Initialize success
06:53:21.0660 4432  ============================================================
06:53:38.0551 6976  ============================================================
06:53:38.0551 6976  Scan started
06:53:38.0551 6976  Mode: Manual; TDLFS;
06:53:38.0551 6976  ============================================================
06:53:47.0818 6976  ================ Scan system memory ========================
06:53:47.0818 6976  System memory - ok
06:53:47.0818 6976  ================ Scan services =============================
06:53:48.0052 6976  [ ABDCD326E1DD1C62509ED94C278A7453 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
06:53:48.0114 6976  !SASCORE - ok
...
<snip>
...
06:54:22.0452 6976  WwanSvc - ok
06:54:22.0467 6976  ================ Scan global ===============================
06:54:22.0499 6976  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
06:54:22.0545 6976  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
06:54:22.0561 6976  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
06:54:22.0608 6976  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
06:54:22.0655 6976  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
06:54:22.0655 6976  [Global] - ok
06:54:22.0655 6976  ================ Scan MBR ==================================
06:54:22.0686 6976  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:54:24.0698 6976  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:54:24.0698 6976  \Device\Harddisk0\DR0 - detected TDSS File System (1)

06:54:24.0698 6976  ================ Scan VBR ==================================
06:54:24.0729 6976  [ 3D9D29FB97DC3555F5C5013EE94D2649 ] \Device\Harddisk0\DR0\Partition1
06:54:24.0729 6976  \Device\Harddisk0\DR0\Partition1 - ok
06:54:24.0761 6976  [ A883389ABD1C5C98901FD0BDC4FD521F ] \Device\Harddisk0\DR0\Partition2
06:54:24.0761 6976  \Device\Harddisk0\DR0\Partition2 - ok
06:54:24.0761 6976  ================ Scan active images ========================
06:54:24.0761 6976  [ 3E588B60EC061686BA05D33574A344C6 ] C:\Windows\System32\drivers\crashdmp.sys
06:54:24.0761 6976  C:\Windows\System32\drivers\crashdmp.sys - ok
...
<snip>
...
06:54:29.0456 6976  C:\Windows\System32\drttransport.dll - ok
06:54:29.0456 6976  ============================================================
06:54:29.0456 6976  Scan finished
06:54:29.0456 6976  ============================================================
06:54:29.0472 6964  Detected object count: 1
06:54:29.0472 6964  Actual detected object count: 1
07:24:32.0895 6964  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:24:32.0895 6964  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
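
An added example, not part of the original posts and not TDSSKiller's own code: a small Python triage script that does mechanically what the post above did by hand, reducing a TDSSKiller log to its non-"ok" verdicts so nothing flagged is lost when a log is trimmed to fit a post. The function names (`triage`, `flagged_objects`, `skipped_objects`) are hypothetical, the line layout is inferred from the log in this thread, and treating every verdict other than "ok" as a finding is an assumption.

```python
import re

# Constructed sample: an abridged subset of lines from the trimmed TDSSKiller log in this thread.
SAMPLE_LOG = r"""
06:53:21.0410 4432  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
06:53:38.0551 6976  Scan started
06:53:38.0551 6976  Mode: Manual; TDLFS;
06:53:47.0818 6976  ================ Scan system memory ========================
06:53:47.0818 6976  System memory - ok
06:53:47.0818 6976  ================ Scan services =============================
06:53:48.0052 6976  [ ABDCD326E1DD1C62509ED94C278A7453 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
06:53:48.0114 6976  !SASCORE - ok
...
<snip>
...
06:54:22.0452 6976  WwanSvc - ok
06:54:22.0655 6976  ================ Scan MBR ==================================
06:54:22.0686 6976  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:54:24.0698 6976  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
06:54:24.0698 6976  \Device\Harddisk0\DR0 - detected TDSS File System (1)
06:54:24.0698 6976  ================ Scan VBR ==================================
06:54:24.0729 6976  \Device\Harddisk0\DR0\Partition1 - ok
06:54:29.0456 6976  Scan finished
06:54:29.0472 6964  Detected object count: 1
07:24:32.0895 6964  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:24:32.0895 6964  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*\S)\s*$")  # time, thread id, message
SECTION_RE = re.compile(r"^=+ (.+?) =+$")          # "==== Scan MBR ====" banners, not bare rules
HASH_RE = re.compile(r"^\[ [0-9A-Fa-f]{32} \]")    # "[ MD5 ] name path" inventory lines
DETECTION_RE = re.compile(r"^(.*?) \( (.+) \)$")   # "object ( detection name )"
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
POST_SCAN = "post-scan"                             # label used here for lines after "Scan finished"


def triage(log_text):
    """Reduce a TDSSKiller log to its non-"ok" verdicts and summary counters."""
    report = {"mode": None, "ok": 0, "detected_count": None, "findings": []}
    section = None  # stays None until the first scan banner, so header lines are never verdicts
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # blank lines, "<snip>" markers, wrapped continuation lines
        stamp, _thread, msg = m.groups()
        banner = SECTION_RE.match(msg)
        if banner:
            section = banner.group(1)
            continue
        if msg == "Scan finished":
            section = POST_SCAN
            continue
        if msg.startswith("Mode:"):
            report["mode"] = msg[len("Mode:"):].strip()
            continue
        count = COUNT_RE.match(msg)
        if count:
            report["detected_count"] = int(count.group(1))
            continue
        if section is None or HASH_RE.match(msg) or " - " not in msg:
            continue
        target, _, verdict = msg.rpartition(" - ")
        if verdict == "ok":
            report["ok"] += 1
            continue
        det = DETECTION_RE.match(target)
        obj, detection = (det.group(1), det.group(2)) if det else (target, None)
        report["findings"].append({"time": stamp, "section": section, "object": obj,
                                   "detection": detection, "verdict": verdict})
    return report


def flagged_objects(report):
    """Distinct objects that received a non-"ok" verdict while the scan was running."""
    return sorted({f["object"] for f in report["findings"] if f["section"] != POST_SCAN})


def skipped_objects(report):
    """Objects whose detection was left in place because the user chose Skip."""
    return sorted({f["object"] for f in report["findings"] if f["verdict"] == "skipped by user"})


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("mode:", result["mode"], "| ok entries:", result["ok"],
          "| reported detections:", result["detected_count"])
    for f in result["findings"]:
        print(f'{f["time"]}  [{f["section"]}]  {f["object"]}  ->  {f["verdict"]}')
    # Assumption: one counted detection per flagged object, as in the log in this thread.
    if result["detected_count"] != len(flagged_objects(result)):
        print("warning: detected count does not match flagged lines; the log may be over-trimmed")
```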

 



#13 DeanEx

Posted 03 July 2013 - 06:52 AM

Minitoolbox results:

MiniToolBox by Farbar  Version: 16-06-2013
Ran by Dean (administrator) on 03-07-2013 at 07:26:25
Running from "C:\Users\Dean\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================




========================= Event log errors: ===============================

Application errors:
==================
Error: (07/03/2013 01:49:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/03/2013 01:48:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2013 05:41:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2013 05:41:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2013 05:41:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2013 05:41:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2013 05:40:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/02/2013 02:35:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/01/2013 07:01:20 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (06/30/2013 04:05:48 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (07/03/2013 06:53:46 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (07/03/2013 06:53:16 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (07/02/2013 10:22:10 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (07/02/2013 10:21:40 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (07/02/2013 09:58:15 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/30/2013 10:11:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/30/2013 08:34:57 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/30/2013 08:34:27 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/30/2013 06:12:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

Error: (06/30/2013 01:34:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.


Microsoft Office Sessions:
=========================
Error: (07/03/2013 01:49:01 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (07/03/2013 01:48:23 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (07/02/2013 05:41:28 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dean\Desktop\esetsmartinstaller_enu.exe

Error: (07/02/2013 05:41:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dean\Desktop\esetsmartinstaller_enu.exe

Error: (07/02/2013 05:41:25 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dean\Desktop\esetsmartinstaller_enu.exe

Error: (07/02/2013 05:41:01 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dean\Desktop\esetsmartinstaller_enu.exe

Error: (07/02/2013 05:40:54 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Dean\Downloads\esetsmartinstaller_enu.exe

Error: (07/02/2013 02:35:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (07/01/2013 07:01:20 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Program Files (x86)\Cozi Express\CoziExpress.exe

Error: (06/30/2013 04:05:48 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe


=========================== Installed Programs ============================

ABBYY FineReader 9.0 Sprint (Version: 9.01.514.58214)
Accelerometer (Version: 1.06.08.17)
Adesso EZScan 2000 (Version: 4.0.0)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Advanced Audio FX Engine (Version: 1.12.05)
Amazon MP3 Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoStudio 5.5
ATI Catalyst Control Center (Version: 2.009.1118.1259)
Audacity 2.0.2 (Version: 2.0.2)
Banctec Service Agreement (Version: 2.0.0)
Bejeweled 3
Bonjour (Version: 3.0.0.10)
Canon CanoScan Toolbox 5.0
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Full Existing (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Full New (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Light (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Previews Common (Version: 2009.1118.1260.23275)
Catalyst Control Center Graphics Previews Vista (Version: 2009.1118.1260.23275)
Catalyst Control Center InstallProxy (Version: 2009.1118.1260.23275)
Catalyst Control Center Localization All (Version: 2009.1118.1260.23275)
CCC Help Chinese Standard (Version: 2009.1118.1259.23275)
CCC Help Chinese Traditional (Version: 2009.1118.1259.23275)
CCC Help Danish (Version: 2009.1118.1259.23275)
CCC Help Dutch (Version: 2009.1118.1259.23275)
CCC Help English (Version: 2009.1118.1259.23275)
CCC Help Finnish (Version: 2009.1118.1259.23275)
CCC Help French (Version: 2009.1118.1259.23275)
CCC Help German (Version: 2009.1118.1259.23275)
CCC Help Italian (Version: 2009.1118.1259.23275)
CCC Help Japanese (Version: 2009.1118.1259.23275)
CCC Help Korean (Version: 2009.1118.1259.23275)
CCC Help Norwegian (Version: 2009.1118.1259.23275)
CCC Help Portuguese (Version: 2009.1118.1259.23275)
CCC Help Russian (Version: 2009.1118.1259.23275)
CCC Help Spanish (Version: 2009.1118.1259.23275)
CCC Help Swedish (Version: 2009.1118.1259.23275)
ccc-core-static (Version: 2009.1118.1260.23275)
ccc-utility64 (Version: 2009.1118.1260.23275)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Click to Call with Skype (Version: 5.6.8153)
Cozi (Version: 1.0.4323.24051)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup - Support Software (Version: 9.4.60)
Dell DataSafe Local Backup (Version: 9.4.60)
Dell DataSafe Online (Version: 1.2.0011)
Dell Dock (Version: 2.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Touchpad (Version: 14.0.2.0)
Dell Webcam Central (Version: 1.40.05)
DirectVobSub 2.40.3093 x86 (Version: 2.40.3093)
DW WLAN Card Utility (Version: 5.60.48.18)
ESET Online Scanner v3
F.lux
File Shredder 2.0
Fotosizer 1.34 (Version: 1.34)
Google Chrome (Version: 27.0.1453.116)
Google Talk Plugin (Version: 4.1.3.13728)
Intel® Management Engine Components (Version: 6.0.0.1179)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 22 (Version: 6.0.220)
JMP 5.1
Junk Mail filter update (Version: 15.4.3502.0922)
KeePass Password Safe 1.18 (Version: 1.18)
LAME v3.99.3 (for Windows)
LIMBO Demo
Live! Cam Avatar Creator (Version: 4.6.3009.1)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mathematica Extras 8.0 (2077975) (Version: 8.0.1)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010 (Version: 14.0.6029.1000)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
My Dell (Version: 3.3.6261.27)
Portal 2
PowerDVD DX (Version: 8.3.6029)
Presto! PageManager 7.15.14 (Version: 7.15.14E)
progeCAD 2011 Professional (Version: 11.0.2.9)
Quake
Quickset64 (Version: 9.6.18)
QuickTime (Version: 7.74.80.86)
Rainmeter (Version: 2.2 r1116)
Roxio Burn (Version: 1.01)
Skins (Version: 2009.1118.1260.23275)
Steam (Version: 1.0.0.0)
SUPERAntiSpyware (Version: 5.6.1020)
swMSM (Version: 12.0.0.1)
System Requirements Lab CYRI (Version: 4.4.26.0)
Team Fortress Classic
TrueCrypt (Version: 7.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VLC media player 1.1.9 (Version: 1.1.9)
WildTangent Games (Version: 1.0.0.71)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Wolfram CDF Player (M-WIN-D 8.0.1 2078140) (Version: 8.0.1)

**** End of log ****
 



#14 noknojon


Posted 03 July 2013 - 07:09 AM

[8F558EB6672622401DA993E1E865C861] is the MD5 ID related to the selected item
I found a 2011/07/23 check from VirScan that listed it as most likely Malware

 

Also just found another that lists it as 20% chance of Malware -

 

Rerun and select Option > Quarantine -
 



#15 DeanEx

  • Topic Starter


Posted 03 July 2013 - 07:20 AM

OK.  I will do that when I get home tonight.  I have to go to work.  

 

Thanks,

Dean





