
Malware relaunching after removal


8 replies to this topic

#1 ari7


Posted 30 August 2013 - 07:27 AM

Hello.

Thank you for looking at my logs for advice on malware removal and how to protect my computer. Advertising and banners keep launching when I open my browser. I removed about 30 objects with Malwarebytes and the computer worked fine for a few days, then popups, ads and banners began appearing when launching a news article on my IE homepage, the Sydney Morning Herald newspaper. When the unwanted ads and warnings about my computer being compromised begin popping up and flashing, my computer slows.

 

Please advise what I can do to repair fully. Thank you Ari.


 


#2 HelpBot


Posted 04 September 2013 - 07:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/506119 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ari7


Posted 04 September 2013 - 11:59 PM

Hello,

Sorry for the lateness in following up your earlier email. I am posting as instructed the log files for TDSSKiller and aswMBR.

Thank you for your further assistance.

 

00:27:13.0745 0x0c54  TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:29
00:27:15.0611 0x0c54  ============================================================
00:27:15.0611 0x0c54  Current date / time: 2013/09/05 00:27:15.0611
00:27:15.0611 0x0c54  SystemInfo:
00:27:15.0611 0x0c54 
00:27:15.0611 0x0c54  OS Version: 6.1.7601 ServicePack: 1.0
00:27:15.0611 0x0c54  Product type: Workstation
00:27:15.0611 0x0c54  ComputerName: KATHY-PC
00:27:15.0611 0x0c54  UserName: kathy
00:27:15.0611 0x0c54  Windows directory: C:\Windows
00:27:15.0611 0x0c54  System windows directory: C:\Windows
00:27:15.0611 0x0c54  Running under WOW64
00:27:15.0611 0x0c54  Processor architecture: Intel x64
00:27:15.0611 0x0c54  Number of processors: 8
00:27:15.0611 0x0c54  Page size: 0x1000
00:27:15.0611 0x0c54  Boot type: Normal boot
00:27:15.0611 0x0c54  ============================================================
00:27:16.0177 0x0c54  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:27:16.0193 0x0c54  ============================================================
00:27:16.0193 0x0c54  \Device\Harddisk0\DR0:
00:27:16.0193 0x0c54  MBR partitions:
00:27:16.0193 0x0c54  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1B9F000
00:27:16.0193 0x0c54  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BB3000, BlocksNum 0x72B53000
00:27:16.0193 0x0c54  ============================================================
00:27:16.0209 0x0c54  C: <-> \Device\Harddisk0\DR0\Partition2
00:27:16.0209 0x0c54  ============================================================
00:27:16.0209 0x0c54  Initialize success
00:27:16.0209 0x0c54  ============================================================
00:27:47.0404 0x1f90  ============================================================
00:27:47.0404 0x1f90  Scan started
00:27:47.0404 0x1f90  Mode: Manual; SigCheck; TDLFS;
00:27:47.0404 0x1f90  ============================================================
00:27:47.0560 0x1f90  ================ Scan system memory ========================
00:27:47.0560 0x1f90  System memory - ok
00:27:47.0560 0x1f90  ================ Scan services =============================
00:27:47.0716 0x1f90  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
00:27:47.0825 0x1f90  1394ohci - ok
00:27:47.0887 0x1f90  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
00:27:47.0903 0x1f90  ACPI - ok
00:27:47.0918 0x1f90  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
00:27:47.0996 0x1f90  AcpiPmi - ok
00:27:48.0132 0x1f90  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:27:48.0149 0x1f90  AdobeARMservice - ok
00:27:48.0263 0x1f90  [ 86D0D87CB86588818805CF29E0CA14DF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:27:48.0323 0x1f90  AdobeFlashPlayerUpdateSvc - ok
00:27:48.0370 0x1f90  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
00:27:48.0401 0x1f90  adp94xx - ok
00:27:48.0416 0x1f90  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
00:27:48.0448 0x1f90  adpahci - ok
00:27:48.0448 0x1f90  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
00:27:48.0463 0x1f90  adpu320 - ok
00:27:48.0479 0x1f90  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
00:27:48.0666 0x1f90  AeLookupSvc - ok
00:27:48.0713 0x1f90  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
00:27:48.0775 0x1f90  AFD - ok
00:27:48.0806 0x1f90  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
00:27:48.0822 0x1f90  agp440 - ok
00:27:48.0869 0x1f90  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
00:27:48.0916 0x1f90  ALG - ok
00:27:48.0931 0x1f90  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
00:27:48.0947 0x1f90  aliide - ok
00:27:48.0978 0x1f90  [ 2AED9A422EA1574C7D7EF9359A417718 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:27:49.0072 0x1f90  AMD External Events Utility - ok
00:27:49.0118 0x1f90  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
00:27:49.0134 0x1f90  amdide - ok
00:27:49.0165 0x1f90  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
00:27:49.0181 0x1f90  AmdK8 - ok
00:27:49.0368 0x1f90  [ BFA5E854959D5546D8834CA61F4AD075 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
00:27:49.0602 0x1f90  amdkmdag - ok
00:27:49.0649 0x1f90  [ 92D664FFFCD9E742FB25254F7F458D88 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
00:27:49.0696 0x1f90  amdkmdap - ok
00:27:49.0727 0x1f90  [ 554FB0F28C411FB1EAFD4EA46A8CAAA4 ] amdkmpfd        C:\Windows\system32\DRIVERS\amdkmpfd.sys
00:27:49.0742 0x1f90  amdkmpfd - ok
00:27:49.0789 0x1f90  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
00:27:49.0820 0x1f90  AmdPPM - ok
00:27:49.0852 0x1f90  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:27:49.0867 0x1f90  amdsata - ok
00:27:49.0898 0x1f90  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:27:49.0914 0x1f90  amdsbs - ok
00:27:49.0930 0x1f90  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:27:49.0945 0x1f90  amdxata - ok
00:27:49.0976 0x1f90  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPAL          C:\Windows\system32\DRIVERS\AMPPAL.sys
00:27:50.0008 0x1f90  AMPPAL - ok
00:27:50.0023 0x1f90  [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPALP         C:\Windows\system32\DRIVERS\amppal.sys
00:27:50.0039 0x1f90  AMPPALP - ok
00:27:50.0129 0x1f90  [ AB6E5B9333101E414D8F04BC570064F1 ] AMPPALR3        C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
00:27:50.0154 0x1f90  AMPPALR3 - ok
00:27:50.0194 0x1f90  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
00:27:50.0329 0x1f90  AppID - ok
00:27:50.0345 0x1f90  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:27:50.0376 0x1f90  AppIDSvc - ok
00:27:50.0407 0x1f90  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
00:27:50.0454 0x1f90  Appinfo - ok
00:27:50.0548 0x1f90  [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:27:50.0563 0x1f90  Apple Mobile Device - ok
00:27:50.0610 0x1f90  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
00:27:50.0626 0x1f90  arc - ok
00:27:50.0641 0x1f90  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:27:50.0657 0x1f90  arcsas - ok
00:27:50.0751 0x1f90  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:27:50.0766 0x1f90  aspnet_state - ok
00:27:50.0782 0x1f90  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:27:50.0844 0x1f90  AsyncMac - ok
00:27:50.0875 0x1f90  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
00:27:50.0891 0x1f90  atapi - ok
00:27:50.0938 0x1f90  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:27:50.0985 0x1f90  AudioEndpointBuilder - ok
00:27:51.0000 0x1f90  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
00:27:51.0031 0x1f90  AudioSrv - ok
00:27:51.0047 0x1f90  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:27:51.0112 0x1f90  AxInstSV - ok
00:27:51.0139 0x1f90  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:27:51.0183 0x1f90  b06bdrv - ok
00:27:51.0213 0x1f90  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
00:27:51.0255 0x1f90  b57nd60a - ok
00:27:51.0296 0x1f90  [ 87F3BCF82A63E900AF896CD930BF7E05 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:27:51.0316 0x1f90  BBSvc - ok
00:27:51.0333 0x1f90  [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:27:51.0341 0x1f90  BBUpdate - ok
00:27:51.0363 0x1f90  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
00:27:51.0410 0x1f90  BDESVC - ok
00:27:51.0425 0x1f90  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
00:27:51.0503 0x1f90  Beep - ok
00:27:51.0566 0x1f90  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
00:27:51.0628 0x1f90  BFE - ok
00:27:51.0659 0x1f90  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
00:27:51.0753 0x1f90  BITS - ok
00:27:51.0784 0x1f90  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
00:27:51.0800 0x1f90  blbdrive - ok
00:27:51.0878 0x1f90  [ A52EA1D8C2900055323C93DDB252A3DA ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
00:27:51.0909 0x1f90  Bluetooth Device Monitor - ok
00:27:51.0940 0x1f90  [ 091210450CA7CED08F360D9D7FEC5D11 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
00:27:51.0971 0x1f90  Bluetooth Media Service - ok
00:27:52.0002 0x1f90  [ 392450754E17FF778CBC5B9D20583AD1 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
00:27:52.0034 0x1f90  Bluetooth OBEX Service - ok
00:27:52.0085 0x1f90  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:27:52.0102 0x1f90  Bonjour Service - ok
00:27:52.0138 0x1f90  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:27:52.0181 0x1f90  bowser - ok
00:27:52.0214 0x1f90  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
00:27:52.0246 0x1f90  BrFiltLo - ok
00:27:52.0257 0x1f90  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
00:27:52.0267 0x1f90  BrFiltUp - ok
00:27:52.0305 0x1f90  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
00:27:52.0347 0x1f90  BridgeMP - ok
00:27:52.0364 0x1f90  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
00:27:52.0395 0x1f90  Browser - ok
00:27:52.0411 0x1f90  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
00:27:52.0473 0x1f90  Brserid - ok
00:27:52.0489 0x1f90  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
00:27:52.0504 0x1f90  BrSerWdm - ok
00:27:52.0536 0x1f90  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
00:27:52.0567 0x1f90  BrUsbMdm - ok
00:27:52.0582 0x1f90  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
00:27:52.0614 0x1f90  BrUsbSer - ok
00:27:52.0645 0x1f90  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
00:27:52.0676 0x1f90  BthEnum - ok
00:27:52.0707 0x1f90  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
00:27:52.0738 0x1f90  BTHMODEM - ok
00:27:52.0770 0x1f90  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
00:27:52.0816 0x1f90  BthPan - ok
00:27:52.0863 0x1f90  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
00:27:52.0910 0x1f90  BTHPORT - ok
00:27:52.0941 0x1f90  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
00:27:53.0004 0x1f90  bthserv - ok
00:27:53.0019 0x1f90  [ 588762F716C2B7A2054AFBC3D58E5C21 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
00:27:53.0019 0x1f90  BTHSSecurityMgr - ok
00:27:53.0050 0x1f90  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
00:27:53.0066 0x1f90  BTHUSB - ok
00:27:53.0112 0x1f90  [ 988CC6CC49303665D3B2435C51505C3F ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
00:27:53.0162 0x1f90  btmaux - ok
00:27:53.0187 0x1f90  [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
00:27:53.0263 0x1f90  btmhsf - ok
00:27:53.0295 0x1f90  catchme - ok
00:27:53.0327 0x1f90  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:27:53.0383 0x1f90  cdfs - ok
00:27:53.0461 0x1f90  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
00:27:53.0492 0x1f90  cdrom - ok
00:27:53.0539 0x1f90  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
00:27:53.0601 0x1f90  CertPropSvc - ok
00:27:53.0617 0x1f90  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
00:27:53.0664 0x1f90  circlass - ok
00:27:53.0679 0x1f90  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
00:27:53.0710 0x1f90  CLFS - ok
00:27:53.0757 0x1f90  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:27:53.0773 0x1f90  clr_optimization_v2.0.50727_32 - ok
00:27:53.0804 0x1f90  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:27:53.0820 0x1f90  clr_optimization_v2.0.50727_64 - ok
00:27:53.0898 0x1f90  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:27:53.0913 0x1f90  clr_optimization_v4.0.30319_32 - ok
00:27:53.0929 0x1f90  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:27:53.0944 0x1f90  clr_optimization_v4.0.30319_64 - ok
00:27:53.0976 0x1f90  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
00:27:54.0007 0x1f90  CmBatt - ok
00:27:54.0022 0x1f90  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
00:27:54.0038 0x1f90  cmdide - ok
00:27:54.0094 0x1f90  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
00:27:54.0117 0x1f90  CNG - ok
00:27:54.0172 0x1f90  [ 97238AC8006C14EAF80E374D3B81C2B3 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
00:27:54.0204 0x1f90  CnxtHdAudService - ok
00:27:54.0245 0x1f90  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
00:27:54.0260 0x1f90  Compbatt - ok
00:27:54.0283 0x1f90  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
00:27:54.0317 0x1f90  CompositeBus - ok
00:27:54.0333 0x1f90  COMSysApp - ok
00:27:54.0403 0x1f90  [ B2EAE4CD1E2F338101D9D4AF39F3D4F3 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
00:27:54.0449 0x1f90  cphs - ok
00:27:54.0481 0x1f90  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
00:27:54.0496 0x1f90  crcdisk - ok
00:27:54.0543 0x1f90  [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:27:54.0574 0x1f90  CryptSvc - ok
00:27:54.0606 0x1f90  [ BC3D4F90978CD7C8EABD1BAF3BF7873A ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
00:27:54.0668 0x1f90  CtClsFlt - ok
00:27:54.0715 0x1f90  [ C20E2A7A29F06A69C40E949255257B01 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
00:27:54.0746 0x1f90  ctxusbm - ok
00:27:54.0808 0x1f90  [ 9A59DF2CA690019FEA3B265D5A7EB619 ] CxUtilSvc       C:\Program Files\Conexant\SA3\CxUtilSvc.exe
00:27:54.0824 0x1f90  CxUtilSvc - ok
00:27:54.0871 0x1f90  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:27:54.0918 0x1f90  DcomLaunch - ok
00:27:54.0949 0x1f90  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
00:27:55.0011 0x1f90  defragsvc - ok
00:27:55.0011 0x1f90  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
00:27:55.0058 0x1f90  DfsC - ok
00:27:55.0074 0x1f90  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:27:55.0130 0x1f90  Dhcp - ok
00:27:55.0145 0x1f90  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
00:27:55.0199 0x1f90  discache - ok
00:27:55.0234 0x1f90  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
00:27:55.0242 0x1f90  Disk - ok
00:27:55.0268 0x1f90  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:27:55.0309 0x1f90  Dnscache - ok
00:27:55.0328 0x1f90  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
00:27:55.0381 0x1f90  dot3svc - ok
00:27:55.0412 0x1f90  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
00:27:55.0443 0x1f90  Dot4 - ok
00:27:55.0474 0x1f90  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
00:27:55.0506 0x1f90  Dot4Print - ok
00:27:55.0537 0x1f90  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
00:27:55.0568 0x1f90  dot4usb - ok
00:27:55.0584 0x1f90  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
00:27:55.0646 0x1f90  DPS - ok
00:27:55.0662 0x1f90  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:27:55.0693 0x1f90  drmkaud - ok
00:27:55.0724 0x1f90  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:27:55.0724 0x1f90  DXGKrnl - ok
00:27:55.0755 0x1f90  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
00:27:55.0802 0x1f90  EapHost - ok
00:27:55.0896 0x1f90  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:27:55.0989 0x1f90  ebdrv - ok
00:27:56.0005 0x1f90  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
00:27:56.0052 0x1f90  EFS - ok
00:27:56.0083 0x1f90  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
00:27:56.0147 0x1f90  ehRecvr - ok
00:27:56.0160 0x1f90  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
00:27:56.0181 0x1f90  ehSched - ok
00:27:56.0231 0x1f90  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
00:27:56.0257 0x1f90  elxstor - ok
00:27:56.0277 0x1f90  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
00:27:56.0294 0x1f90  ErrDev - ok
00:27:56.0327 0x1f90  [ 9F819F324CC4141FAFD5F44B0EAFB1C2 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
00:27:56.0344 0x1f90  ETD - ok
00:27:56.0377 0x1f90  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
00:27:56.0455 0x1f90  EventSystem - ok
00:27:56.0517 0x1f90  [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
00:27:56.0533 0x1f90  EvtEng - ok
00:27:56.0595 0x1f90  [ DA7CEF9FFBBD6498DF106BCAB84EB10A ] ewusbnet        C:\Windows\system32\DRIVERS\ewusbnet.sys
00:27:56.0642 0x1f90  ewusbnet - ok
00:27:56.0673 0x1f90  [ E2CBB821C7CAE0EF8B56DE28ED85C740 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
00:27:56.0720 0x1f90  ew_hwusbdev - ok
00:27:56.0736 0x1f90  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
00:27:56.0783 0x1f90  exfat - ok
00:27:56.0829 0x1f90  [ 2C1D443E14F376E8331F52F135DCA9EF ] FACAP           C:\Windows\system32\DRIVERS\facap.sys
00:27:56.0845 0x1f90  FACAP - ok
00:27:56.0939 0x1f90  [ A363FF99DC160B7844A1C1E0D6CEBBE3 ] FAService       C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
00:27:57.0238 0x1f90  FAService ( UnsignedFile.Multi.Generic ) - warning
00:27:57.0238 0x1f90  FAService - detected UnsignedFile.Multi.Generic (1)
00:27:57.0264 0x1f90  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
00:27:57.0315 0x1f90  fastfat - ok
00:27:57.0371 0x1f90  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
00:27:57.0426 0x1f90  Fax - ok
00:27:57.0442 0x1f90  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\drivers\fdc.sys
00:27:57.0473 0x1f90  fdc - ok
00:27:57.0488 0x1f90  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
00:27:57.0535 0x1f90  fdPHost - ok
00:27:57.0551 0x1f90  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
00:27:57.0582 0x1f90  FDResPub - ok
00:27:57.0613 0x1f90  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
00:27:57.0613 0x1f90  FileInfo - ok
00:27:57.0629 0x1f90  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
00:27:57.0660 0x1f90  Filetrace - ok
00:27:57.0691 0x1f90  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
00:27:57.0707 0x1f90  flpydisk - ok
00:27:57.0722 0x1f90  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
00:27:57.0754 0x1f90  FltMgr - ok
00:27:57.0816 0x1f90  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
00:27:57.0894 0x1f90  FontCache - ok
00:27:57.0941 0x1f90  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:27:57.0956 0x1f90  FontCache3.0.0.0 - ok
00:27:57.0972 0x1f90  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
00:27:57.0988 0x1f90  FsDepends - ok
00:27:58.0003 0x1f90  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
00:27:58.0019 0x1f90  Fs_Rec - ok
00:27:58.0050 0x1f90  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
00:27:58.0081 0x1f90  fvevol - ok
00:27:58.0112 0x1f90  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
00:27:58.0140 0x1f90  gagp30kx - ok
00:27:58.0191 0x1f90  [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
00:27:58.0208 0x1f90  GamesAppService - ok
00:27:58.0255 0x1f90  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:27:58.0267 0x1f90  GEARAspiWDM - ok
00:27:58.0302 0x1f90  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
00:27:58.0357 0x1f90  gpsvc - ok
00:27:58.0396 0x1f90  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:27:58.0396 0x1f90  gupdate - ok
00:27:58.0412 0x1f90  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:27:58.0427 0x1f90  gupdatem - ok
00:27:58.0490 0x1f90  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:27:58.0490 0x1f90  gusvc - ok
00:27:58.0521 0x1f90  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:27:58.0568 0x1f90  hcw85cir - ok
00:27:58.0599 0x1f90  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:27:58.0661 0x1f90  HdAudAddService - ok
00:27:58.0677 0x1f90  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
00:27:58.0708 0x1f90  HDAudBus - ok
00:27:58.0724 0x1f90  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
00:27:58.0755 0x1f90  HidBatt - ok
00:27:58.0786 0x1f90  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
00:27:58.0817 0x1f90  HidBth - ok
00:27:58.0833 0x1f90  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
00:27:58.0848 0x1f90  HidIr - ok
00:27:58.0864 0x1f90  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
00:27:58.0895 0x1f90  hidserv - ok
00:27:58.0942 0x1f90  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:27:58.0942 0x1f90  HidUsb - ok
00:27:58.0958 0x1f90  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:27:59.0004 0x1f90  hkmsvc - ok
00:27:59.0036 0x1f90  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:27:59.0067 0x1f90  HomeGroupListener - ok
00:27:59.0098 0x1f90  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:27:59.0137 0x1f90  HomeGroupProvider - ok
00:27:59.0226 0x1f90  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
00:27:59.0239 0x1f90  hpqcxs08 - ok
00:27:59.0245 0x1f90  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
00:27:59.0251 0x1f90  hpqddsvc - ok
00:27:59.0284 0x1f90  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:27:59.0292 0x1f90  HpSAMD - ok
00:27:59.0372 0x1f90  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
00:27:59.0399 0x1f90  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
00:27:59.0399 0x1f90  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
00:28:06.0607 0x1f90  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
00:28:06.0622 0x1f90  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:28:06.0622 0x1f90  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:28:09.0396 0x1f90  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
00:28:09.0419 0x1f90  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
00:28:09.0419 0x1f90  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
00:28:14.0317 0x1f90  StillCam - ok
00:28:14.0332 0x1f90  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
00:28:14.0364 0x1f90  stisvc - ok
00:28:14.0379 0x1f90  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
00:28:14.0379 0x1f90  swenum - ok
00:28:14.0410 0x1f90  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
00:28:14.0488 0x1f90  swprv - ok
00:28:14.0535 0x1f90  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
00:28:14.0644 0x1f90  SysMain - ok
00:28:14.0660 0x1f90  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:28:14.0676 0x1f90  TabletInputService - ok
00:28:14.0691 0x1f90  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
00:28:14.0754 0x1f90  TapiSrv - ok
00:28:14.0769 0x1f90  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
00:28:14.0785 0x1f90  TBS - ok
00:28:14.0863 0x1f90  [ DB74544B75566C974815E79A62433F29 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
00:28:14.0941 0x1f90  Tcpip - ok
00:28:14.0988 0x1f90  [ DB74544B75566C974815E79A62433F29 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
00:28:15.0019 0x1f90  TCPIP6 - ok
00:28:15.0050 0x1f90  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
00:28:15.0066 0x1f90  tcpipreg - ok
00:28:15.0081 0x1f90  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
00:28:15.0112 0x1f90  TDPIPE - ok
00:28:15.0128 0x1f90  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
00:28:15.0159 0x1f90  TDTCP - ok
00:28:15.0175 0x1f90  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
00:28:15.0206 0x1f90  tdx - ok
00:28:15.0237 0x1f90  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
00:28:15.0237 0x1f90  TermDD - ok
00:28:15.0268 0x1f90  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
00:28:15.0331 0x1f90  TermService - ok
00:28:15.0346 0x1f90  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
00:28:15.0362 0x1f90  Themes - ok
00:28:15.0378 0x1f90  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
00:28:15.0409 0x1f90  THREADORDER - ok
00:28:15.0471 0x1f90  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
00:28:15.0502 0x1f90  TrkWks - ok
00:28:15.0549 0x1f90  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:28:15.0565 0x1f90  TrustedInstaller - ok
00:28:15.0596 0x1f90  [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
00:28:15.0627 0x1f90  tssecsrv - ok
00:28:15.0674 0x1f90  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
00:28:15.0705 0x1f90  TsUsbFlt - ok
00:28:15.0721 0x1f90  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
00:28:15.0736 0x1f90  TsUsbGD - ok
00:28:15.0783 0x1f90  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
00:28:15.0830 0x1f90  tunnel - ok
00:28:15.0861 0x1f90  [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB          C:\Windows\system32\DRIVERS\TurboB.sys
00:28:15.0877 0x1f90  TurboB - ok
00:28:15.0908 0x1f90  [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost      C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:28:15.0924 0x1f90  TurboBoost - ok
00:28:15.0939 0x1f90  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
00:28:15.0970 0x1f90  uagp35 - ok
00:28:15.0986 0x1f90  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
00:28:16.0048 0x1f90  udfs - ok
00:28:16.0064 0x1f90  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
00:28:16.0080 0x1f90  UI0Detect - ok
00:28:16.0095 0x1f90  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
00:28:16.0111 0x1f90  uliagpkx - ok
00:28:16.0126 0x1f90  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
00:28:16.0158 0x1f90  umbus - ok
00:28:16.0173 0x1f90  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
00:28:16.0204 0x1f90  UmPass - ok
00:28:16.0282 0x1f90  [ 0DFC9713D117B349E41A2A477448107A ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:28:16.0298 0x1f90  UNS - ok
00:28:16.0329 0x1f90  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
00:28:16.0386 0x1f90  upnphost - ok
00:28:16.0441 0x1f90  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
00:28:16.0463 0x1f90  USBAAPL64 - ok
00:28:16.0504 0x1f90  [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
00:28:16.0544 0x1f90  usbccgp - ok
00:28:16.0575 0x1f90  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
00:28:16.0599 0x1f90  usbcir - ok
00:28:16.0622 0x1f90  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
00:28:16.0641 0x1f90  usbehci - ok
00:28:16.0688 0x1f90  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
00:28:16.0719 0x1f90  usbhub - ok
00:28:16.0735 0x1f90  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
00:28:16.0766 0x1f90  usbohci - ok
00:28:16.0797 0x1f90  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
00:28:16.0844 0x1f90  usbprint - ok
00:28:16.0875 0x1f90  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
00:28:16.0875 0x1f90  usbscan - ok
00:28:16.0891 0x1f90  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:28:16.0922 0x1f90  USBSTOR - ok
00:28:16.0953 0x1f90  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
00:28:16.0984 0x1f90  usbuhci - ok
00:28:17.0015 0x1f90  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
00:28:17.0047 0x1f90  usbvideo - ok
00:28:17.0062 0x1f90  [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
00:28:17.0078 0x1f90  usb_rndisx - ok
00:28:17.0109 0x1f90  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
00:28:17.0187 0x1f90  UxSms - ok
00:28:17.0203 0x1f90  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
00:28:17.0203 0x1f90  VaultSvc - ok
00:28:17.0234 0x1f90  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
00:28:17.0234 0x1f90  vdrvroot - ok
00:28:17.0249 0x1f90  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
00:28:17.0296 0x1f90  vds - ok
00:28:17.0312 0x1f90  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
00:28:17.0312 0x1f90  vga - ok
00:28:17.0327 0x1f90  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
00:28:17.0359 0x1f90  VgaSave - ok
00:28:17.0376 0x1f90  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
00:28:17.0385 0x1f90  vhdmp - ok
00:28:17.0415 0x1f90  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
00:28:17.0428 0x1f90  viaide - ok
00:28:17.0452 0x1f90  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
00:28:17.0468 0x1f90  volmgr - ok
00:28:17.0491 0x1f90  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
00:28:17.0501 0x1f90  volmgrx - ok
00:28:17.0511 0x1f90  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
00:28:17.0520 0x1f90  volsnap - ok
00:28:17.0536 0x1f90  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
00:28:17.0544 0x1f90  vsmraid - ok
00:28:17.0583 0x1f90  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
00:28:17.0658 0x1f90  VSS - ok
00:28:17.0689 0x1f90  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
00:28:17.0705 0x1f90  vwifibus - ok
00:28:17.0736 0x1f90  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
00:28:17.0783 0x1f90  vwififlt - ok
00:28:17.0829 0x1f90  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
00:28:17.0845 0x1f90  vwifimp - ok
00:28:17.0876 0x1f90  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
00:28:17.0939 0x1f90  W32Time - ok
00:28:17.0954 0x1f90  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
00:28:17.0970 0x1f90  WacomPen - ok
00:28:18.0001 0x1f90  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
00:28:18.0048 0x1f90  WANARP - ok
00:28:18.0063 0x1f90  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
00:28:18.0079 0x1f90  Wanarpv6 - ok
00:28:18.0157 0x1f90  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
00:28:18.0219 0x1f90  WatAdminSvc - ok
00:28:18.0251 0x1f90  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
00:28:18.0313 0x1f90  wbengine - ok
00:28:18.0329 0x1f90  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
00:28:18.0344 0x1f90  WbioSrvc - ok
00:28:18.0360 0x1f90  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
00:28:18.0403 0x1f90  wcncsvc - ok
00:28:18.0419 0x1f90  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:28:18.0435 0x1f90  WcsPlugInService - ok
00:28:18.0462 0x1f90  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
00:28:18.0471 0x1f90  Wd - ok
00:28:18.0502 0x1f90  [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM         C:\Windows\system32\DRIVERS\wdcsam64.sys
00:28:18.0521 0x1f90  WDC_SAM - ok
00:28:18.0551 0x1f90  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
00:28:18.0589 0x1f90  Wdf01000 - ok
00:28:18.0613 0x1f90  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
00:28:18.0692 0x1f90  WdiServiceHost - ok
00:28:18.0692 0x1f90  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
00:28:18.0708 0x1f90  WdiSystemHost - ok
00:28:18.0723 0x1f90  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
00:28:18.0739 0x1f90  WebClient - ok
00:28:18.0770 0x1f90  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
00:28:18.0833 0x1f90  Wecsvc - ok
00:28:18.0833 0x1f90  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
00:28:18.0895 0x1f90  wercplsupport - ok
00:28:18.0926 0x1f90  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
00:28:18.0957 0x1f90  WerSvc - ok
00:28:18.0989 0x1f90  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
00:28:19.0004 0x1f90  WfpLwf - ok
00:28:19.0051 0x1f90  [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
00:28:19.0067 0x1f90  WimFltr - ok
00:28:19.0082 0x1f90  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
00:28:19.0082 0x1f90  WIMMount - ok
00:28:19.0113 0x1f90  WinDefend - ok
00:28:19.0113 0x1f90  WinHttpAutoProxySvc - ok
00:28:19.0176 0x1f90  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
00:28:19.0223 0x1f90  Winmgmt - ok
00:28:19.0254 0x1f90  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
00:28:19.0332 0x1f90  WinRM - ok
00:28:19.0363 0x1f90  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
00:28:19.0405 0x1f90  WinUsb - ok
00:28:19.0429 0x1f90  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
00:28:19.0465 0x1f90  Wlansvc - ok
00:28:19.0493 0x1f90  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:28:19.0507 0x1f90  wlcrasvc - ok
00:28:19.0598 0x1f90  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:28:19.0634 0x1f90  wlidsvc - ok
00:28:19.0648 0x1f90  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
00:28:19.0663 0x1f90  WmiAcpi - ok
00:28:19.0694 0x1f90  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
00:28:19.0726 0x1f90  wmiApSrv - ok
00:28:19.0757 0x1f90  WMPNetworkSvc - ok
00:28:19.0788 0x1f90  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
00:28:19.0819 0x1f90  WPCSvc - ok
00:28:19.0835 0x1f90  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
00:28:19.0866 0x1f90  WPDBusEnum - ok
00:28:19.0882 0x1f90  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
00:28:19.0913 0x1f90  ws2ifsl - ok
00:28:19.0928 0x1f90  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
00:28:19.0960 0x1f90  wscsvc - ok
00:28:19.0960 0x1f90  WSearch - ok
00:28:20.0038 0x1f90  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:28:20.0100 0x1f90  wuauserv - ok
00:28:20.0116 0x1f90  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:28:20.0178 0x1f90  WudfPf - ok
00:28:20.0194 0x1f90  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:28:20.0225 0x1f90  WUDFRd - ok
00:28:20.0256 0x1f90  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:28:20.0287 0x1f90  wudfsvc - ok
00:28:20.0303 0x1f90  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:28:20.0334 0x1f90  WwanSvc - ok
00:28:20.0391 0x1f90  [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
00:28:20.0412 0x1f90  ZeroConfigService - ok
00:28:20.0450 0x1f90  ================ Scan global ===============================
00:28:20.0476 0x1f90  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:28:20.0512 0x1f90  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:28:20.0524 0x1f90  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
00:28:20.0548 0x1f90  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:28:20.0578 0x1f90  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:28:20.0583 0x1f90  [Global] - ok
00:28:20.0584 0x1f90  ================ Scan MBR ==================================
00:28:20.0601 0x1f90  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
00:28:20.0915 0x1f90  \Device\Harddisk0\DR0 - ok
00:28:20.0915 0x1f90  ================ Scan VBR ==================================
00:28:20.0915 0x1f90  [ 207F8CB2B83DBCE4F7580B0DCCC88F19 ] \Device\Harddisk0\DR0\Partition1
00:28:20.0915 0x1f90  \Device\Harddisk0\DR0\Partition1 - ok
00:28:20.0946 0x1f90  [ 1C9C6E3738419C79648FDABE7D15EB4B ] \Device\Harddisk0\DR0\Partition2
00:28:20.0946 0x1f90  \Device\Harddisk0\DR0\Partition2 - ok
00:28:20.0946 0x1f90  ============================================================
00:28:20.0946 0x1f90  Scan finished
00:28:20.0946 0x1f90  ============================================================
00:28:20.0962 0x12a8  Detected object count: 4
00:28:20.0962 0x12a8  Actual detected object count: 4
00:30:08.0992 0x12a8  FAService ( UnsignedFile.Multi.Generic ) - skipped by user
00:30:08.0992 0x12a8  FAService ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:30:08.0992 0x12a8  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
00:30:08.0992 0x12a8  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:30:08.0992 0x12a8  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:30:08.0992 0x12a8  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:30:08.0992 0x12a8  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:30:08.0992 0x12a8  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:30:19.0631 0x147c  Deinitialize success
 

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-05 14:44:22
-----------------------------
14:44:22.334    OS Version: Windows x64 6.1.7601 Service Pack 1
14:44:22.334    Number of processors: 8 586 0x3A09
14:44:22.334    ComputerName: KATHY-PC  UserName: kathy
14:44:23.457    Initialize success
14:45:02.161    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:45:02.161    Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3
14:45:02.271    Disk 0 MBR read successfully
14:45:02.271    Disk 0 MBR scan
14:45:02.286    Disk 0 Windows VISTA default MBR code
14:45:02.286    Disk 0 Partition 1 00     DE Dell Utility DELL 4.1       39 MB offset 63
14:45:02.286    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        14142 MB offset 81920
14:45:02.302    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       939686 MB offset 29044736
14:45:02.427    Disk 0 scanning C:\Windows\system32\drivers
14:45:08.491    Service scanning
14:46:01.230    Modules scanning
14:46:01.230    Disk 0 trace - called modules:
14:46:01.246    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:46:01.262    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005afb790]
14:46:01.262    3 CLASSPNP.SYS[fffff88001d9c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006b73050]
14:46:01.277    Scan finished successfully
14:48:24.568    Disk 0 MBR has been saved successfully to "C:\Users\kathy\Desktop\MBR.dat"
14:48:24.568    The log file has been saved successfully to "C:\Users\kathy\Desktop\aswMBR.txt"

Thank you

 




#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:57 PM

Posted 05 September 2013 - 09:43 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: Tutorial
Link 1
Link 2

IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note: Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#5 ari7

ari7
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:57 AM

Posted 06 September 2013 - 11:14 AM

Hello,

I'm posting all logs as instructed. The only trouble I had was with RogueKiller. It downloaded and I got as far as run as administrator and then a RK quarantine file would save on my desktop with debug info. I never got to scan finished or delete. Scan was greyed out and on subsequent attempts the quarantine file would save on my desktop and that's it.

 

Thank you for your assistance; Ari

 

[00:00:0000] ***** Global Init *****
[00:00:0000] Has crashed before : 1
[00:00:0000] Create mutex : RogueKiller
[00:00:0015] Mutex Created : 0x258
[00:00:0015] Fill lists
 

 

 

# AdwCleaner v3.002 - Report created 07/09/2013 at 01:21:42
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kathy - KATHY-PC
# Running from : C:\Users\kathy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\53edcd8e16de540
Key Deleted : HKLM\SOFTWARE\53edcd8e16de540
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

*************************

AdwCleaner[R0].txt - [1602 octets] - [07/09/2013 01:06:31]
AdwCleaner[S0].txt - [1405 octets] - [07/09/2013 01:21:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1465 octets] ##########

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by kathy on Sat 07/09/2013 at  1:32:53.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_fan
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1496028657-4070073059-2549184218-1000\Software\SweetIM

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{49BAA5C9-3FEA-4C6C-B4CC-A6176B7EA195}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{551E850F-375E-4023-8F1A-07A6D6FECE08}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{5ED5F92E-EB03-4651-9A32-63AC56B3C4F2}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{66F6F3E7-D7F9-48A7-B20D-A67BF9AECAC9}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{75097894-0513-45D2-A055-C20472FDB8D7}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{81B9D67B-1747-4DD6-9ED3-DD2F4574DC69}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{86851F46-85DD-475F-A95C-F36D75B38B7C}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{A1790C0B-D0DA-4872-9F50-1C2AC867BF6B}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{D18CC432-E720-4119-9AEC-EF7FF790B632}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{F14AC1AA-5103-45B2-88B1-B6A90189EF9C}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/09/2013 at  1:39:28.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-09-06.01 - kathy 07/09/2013   1:58.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.6046.3851 [GMT 10:00]
Running from: c:\users\kathy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-06 to 2013-09-06  )))))))))))))))))))))))))))))))
.
.
2013-09-06 16:02 . 2013-09-06 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-06 15:32 . 2013-09-06 15:32 -------- d-----w- c:\windows\ERUNT
2013-09-06 15:23 . 2013-09-06 15:23 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{764177D3-5A21-49F2-97F4-588D7E46A96E}\offreg.dll
2013-09-06 15:06 . 2013-09-06 15:21 -------- d-----w- C:\AdwCleaner
2013-09-06 14:49 . 2013-09-06 14:49 965008 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{113FCCC9-087E-459E-8C4A-142116B8C79E}\gapaengine.dll
2013-09-06 14:49 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{764177D3-5A21-49F2-97F4-588D7E46A96E}\mpengine.dll
2013-09-04 14:13 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 08:34 . 2013-08-23 08:33 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-20 08:46 . 2013-08-20 08:46 -------- d-----w- c:\users\kathy\AppData\Roaming\Malwarebytes
2013-08-20 08:46 . 2013-08-20 08:46 -------- d-----w- c:\programdata\Malwarebytes
2013-08-20 08:46 . 2013-08-27 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-20 08:46 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-18 11:05 . 2013-08-18 11:05 -------- d-----w- c:\users\kathy\AppData\Local\Programs
2013-08-17 12:00 . 2013-08-17 12:00 -------- d-----w- c:\users\kathy\AppData\Roaming\Python-Eggs
2013-08-17 12:00 . 2013-08-17 12:08 -------- d-----w- c:\users\kathy\AppData\Roaming\BitLord
2013-08-17 11:52 . 2013-08-18 11:04 -------- d-----w- c:\windows\SysWow64\Extensions
2013-08-17 11:52 . 2013-08-17 11:52 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-08-17 11:41 . 2013-08-17 11:45 -------- d-----w- c:\programdata\InstallMate
2013-08-17 11:26 . 2013-08-17 11:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-17 11:26 . 2013-08-17 11:26 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-15 09:24 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 09:23 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 09:23 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 09:23 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-15 09:23 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-15 09:23 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-15 09:23 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-15 09:23 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-15 09:23 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-15 09:23 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-15 09:23 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-15 09:23 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-15 09:23 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 09:23 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 04:45 . 2013-08-15 09:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-18 11:50 . 2013-06-18 11:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 11:50 . 2013-06-18 11:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem" [X]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-08-19 96240]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"FAStartup"="" [BU]
.
c:\users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-19 110592]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-08-19 16:34 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ETD;Dell Touchpad;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 16:33]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 01:05]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 01:05]
.
2013-09-06 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2013-02-24 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-01-17 2895656]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-09-08 1628288]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-19 440600]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.smh.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Dot_marks_the_spot Screen Saver - c:\windows\system32\DOT_MA~1.SCR
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-07  02:03:51
ComboFix-quarantined-files.txt  2013-09-06 16:03
ComboFix2.txt  2013-08-27 10:17
.
Pre-Run: 906,400,047,104 bytes free
Post-Run: 906,331,754,496 bytes free
.
- - End Of File - - E3B95096820F6FE73541D6F82D3AAA4F

#6 ari7

ari7
  • Topic Starter

  • Members
  • 6 posts

Posted 06 September 2013 - 11:15 AM

Hello,

I'm posting all logs as instructed. The only trouble I had was with RogueKiller. It downloaded and I got as far as run as administrator and then an RK quarantine file would save on my desktop with debug info. I never got to scan finished or delete. Scan was greyed out and on subsequent attempts the quarantine file would save on my desktop and that's it.

Thank you for your assistance; Ari

[00:00:0000] ***** Global Init *****
[00:00:0000] Has crashed before : 1
[00:00:0000] Create mutex : RogueKiller
[00:00:0015] Mutex Created : 0x258
[00:00:0015] Fill lists

# AdwCleaner v3.002 - Report created 07/09/2013 at 01:21:42
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : kathy - KATHY-PC
# Running from : C:\Users\kathy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\53edcd8e16de540
Key Deleted : HKLM\SOFTWARE\53edcd8e16de540
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

*************************

AdwCleaner[R0].txt - [1602 octets] - [07/09/2013 01:06:31]
AdwCleaner[S0].txt - [1405 octets] - [07/09/2013 01:21:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1465 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by kathy on Sat 07/09/2013 at  1:32:53.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyrics_fan
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1496028657-4070073059-2549184218-1000\Software\SweetIM

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{49BAA5C9-3FEA-4C6C-B4CC-A6176B7EA195}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{551E850F-375E-4023-8F1A-07A6D6FECE08}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{5ED5F92E-EB03-4651-9A32-63AC56B3C4F2}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{66F6F3E7-D7F9-48A7-B20D-A67BF9AECAC9}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{75097894-0513-45D2-A055-C20472FDB8D7}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{81B9D67B-1747-4DD6-9ED3-DD2F4574DC69}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{86851F46-85DD-475F-A95C-F36D75B38B7C}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{A1790C0B-D0DA-4872-9F50-1C2AC867BF6B}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{D18CC432-E720-4119-9AEC-EF7FF790B632}
Successfully deleted: [Empty Folder] C:\Users\kathy\appdata\local\{F14AC1AA-5103-45B2-88B1-B6A90189EF9C}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/09/2013 at  1:39:28.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 13-09-06.01 - kathy 07/09/2013   1:58.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.6046.3851 [GMT 10:00]
Running from: c:\users\kathy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-06 to 2013-09-06  )))))))))))))))))))))))))))))))
.
.
2013-09-06 16:02 . 2013-09-06 16:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-06 15:32 . 2013-09-06 15:32 -------- d-----w- c:\windows\ERUNT
2013-09-06 15:23 . 2013-09-06 15:23 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{764177D3-5A21-49F2-97F4-588D7E46A96E}\offreg.dll
2013-09-06 15:06 . 2013-09-06 15:21 -------- d-----w- C:\AdwCleaner
2013-09-06 14:49 . 2013-09-06 14:49 965008 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{113FCCC9-087E-459E-8C4A-142116B8C79E}\gapaengine.dll
2013-09-06 14:49 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{764177D3-5A21-49F2-97F4-588D7E46A96E}\mpengine.dll
2013-09-04 14:13 . 2013-08-06 08:58 9515512 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-08-23 08:34 . 2013-08-23 08:33 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-20 08:46 . 2013-08-20 08:46 -------- d-----w- c:\users\kathy\AppData\Roaming\Malwarebytes
2013-08-20 08:46 . 2013-08-20 08:46 -------- d-----w- c:\programdata\Malwarebytes
2013-08-20 08:46 . 2013-08-27 09:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-08-20 08:46 . 2013-04-04 04:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-18 11:05 . 2013-08-18 11:05 -------- d-----w- c:\users\kathy\AppData\Local\Programs
2013-08-17 12:00 . 2013-08-17 12:00 -------- d-----w- c:\users\kathy\AppData\Roaming\Python-Eggs
2013-08-17 12:00 . 2013-08-17 12:08 -------- d-----w- c:\users\kathy\AppData\Roaming\BitLord
2013-08-17 11:52 . 2013-08-18 11:04 -------- d-----w- c:\windows\SysWow64\Extensions
2013-08-17 11:52 . 2013-08-17 11:52 -------- d-----w- c:\windows\SysWow64\searchplugins
2013-08-17 11:41 . 2013-08-17 11:45 -------- d-----w- c:\programdata\InstallMate
2013-08-17 11:26 . 2013-08-17 11:26 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-08-17 11:26 . 2013-08-17 11:26 -------- d-----w- c:\program files\Microsoft Security Client
2013-08-15 09:24 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-15 09:23 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-15 09:23 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-15 09:23 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-15 09:23 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-15 09:23 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-15 09:23 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-15 09:23 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-15 09:23 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-15 09:23 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-15 09:23 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-15 09:23 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-15 09:23 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-15 09:23 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-09 04:45 . 2013-08-15 09:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-06-18 11:50 . 2013-06-18 11:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-18 11:50 . 2013-06-18 11:50 139616 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="c:\program files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem" [X]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
"MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2013-05-23 455608]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-23 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-08-19 96240]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-12-18 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-11-03 957440]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-12-14 383544]
"FAStartup"="" [BU]
.
c:\users\kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-30 204288]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-19 110592]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-08-19 16:34 153584 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ    scecli FAPassSync
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys;c:\windows\SYSNATIVE\DRIVERS\facap.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys;c:\windows\SYSNATIVE\DRIVERS\s0016bus.sys [x]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdfl.sys [x]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mdm.sys [x]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s0016mgmt.sys [x]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s0016nd5.sys [x]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys;c:\windows\SYSNATIVE\DRIVERS\s0016obex.sys [x]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys;c:\windows\SYSNATIVE\DRIVERS\s0016unic.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 ETD;Dell Touchpad;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 16:33]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 01:05]
.
2013-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 01:05]
.
2013-09-06 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2013-02-24 15:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\kathy\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-01-17 2895656]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2011-09-08 1628288]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-02-17 177936]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2012-02-22 11406608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-19 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-19 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-19 440600]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-11-03 2190704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 1356240]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.smh.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = proxy.det.nsw.edu.au:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Dot_marks_the_spot Screen Saver - c:\windows\system32\DOT_MA~1.SCR
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-07  02:03:51
ComboFix-quarantined-files.txt  2013-09-06 16:03
ComboFix2.txt  2013-08-27 10:17
.
Pre-Run: 906,400,047,104 bytes free
Post-Run: 906,331,754,496 bytes free
.
- - End Of File - - E3B95096820F6FE73541D6F82D3AAA4F
 

 



#7 nasdaq

  • Malware Response Team

Posted 07 September 2013 - 07:17 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.
===

Please let me know what problem persists.

#8 ari7

  • Topic Starter


Posted 09 September 2013 - 04:55 PM

I will deal with any outstanding logs or follow up you may suggest tonight or tomorrow Australian time when you have had a look at how my machine is looking. With thanks, sorry about confusion.



#9 nasdaq

  • Malware Response Team

Posted 10 September 2013 - 08:33 AM

I do not see any malware in your logs.

If the problem persists, execute the instructions in my post No. 7.



