Radiish

  1. Well, I did move all my stuff to an alternate user just in case and I deleted my old one. Now I did the scan from MalwareBytes. Nothing came up though. Here's the log:

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.06.18.01
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Test :: HOMESERVER [limited]
     6/26/2012 6:21:07 PM
     mbam-log-2012-06-26 (18-21-07).txt
     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 360222
     Time elapsed: 51 minute(s), 35 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     Should I still continue to the next step? It was a full scan too.
  2. I believe that when I switch user accounts on my computer, the threat doesn't affect the other accounts? I malware scanned while on the other user accounts for my computer and no malicious threats came up. Am I safe to use these other accounts? I don't use this computer for any financial or important things, only gaming.
  3. OTL logfile created on: 6/19/2012 8:50:19 PM - Run 1 OTL by OldTimer - Version 3.2.49.0
22:58:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2012/06/03 22:58:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2012/06/03 22:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012/05/25 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Roaming\LolClient2 ========== Files - Modified Within 30 Days ========== [2012/06/19 20:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/06/19 19:59:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863715708-3900006494-3946961991-1009UA.job [2012/06/19 18:06:23 | 002,248,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/06/19 18:06:23 | 000,769,264 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/06/19 18:06:23 | 000,509,124 | ---- | M] () -- C:\windows\SysNative\prfh0404.dat [2012/06/19 18:06:23 | 000,492,022 | ---- | M] () -- C:\windows\SysNative\prfh0804.dat [2012/06/19 18:06:23 | 000,165,854 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/06/19 18:06:23 | 000,163,714 | ---- | M] () -- C:\windows\SysNative\prfc0804.dat [2012/06/19 18:06:23 | 000,158,800 | ---- | M] () -- C:\windows\SysNative\prfc0404.dat [2012/06/19 18:04:40 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job [2012/06/19 18:04:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/06/18 22:17:42 | 000,000,512 | ---- | M] () -- C:\Users\yuantaoli\Desktop\MBR.dat [2012/06/18 22:11:39 | 000,000,935 | ---- | M] () -- C:\Users\yuantaoli\Desktop\NTREGOPT.lnk [2012/06/18 22:11:39 | 000,000,916 | ---- | M] () -- C:\Users\yuantaoli\Desktop\ERUNT.lnk [2012/06/18 21:59:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863715708-3900006494-3946961991-1009Core.job [2012/06/18 17:22:52 | 000,026,080 | -H-- | M] () -- 
C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/18 17:22:52 | 000,026,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/18 17:12:24 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys [2012/06/18 03:27:09 | 000,418,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/06/18 01:30:59 | 000,000,048 | ---- | M] () -- C:\Users\yuantaoli\jagex_cl_runescape_LIVE.dat [2012/06/17 22:53:39 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/06/03 22:57:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe [2012/06/03 22:57:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe [2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll [2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe [2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll [2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll [2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll [2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll [2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll [2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe ========== Files Created - No Company Name ========== [2012/06/18 22:17:42 | 000,000,512 | ---- | C] () -- C:\Users\yuantaoli\Desktop\MBR.dat [2012/06/18 22:11:39 | 000,000,935 | ---- | C] () -- C:\Users\yuantaoli\Desktop\NTREGOPT.lnk [2012/06/18 22:11:39 | 000,000,916 | ---- | C] () -- C:\Users\yuantaoli\Desktop\ERUNT.lnk 
[2012/06/18 01:30:59 | 000,000,048 | ---- | C] () -- C:\Users\yuantaoli\jagex_cl_runescape_LIVE.dat [2012/06/17 22:53:39 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/01/31 20:33:27 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2012/01/31 20:33:27 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2012/01/31 20:33:26 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin [2012/01/31 20:33:26 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll [2012/01/31 20:33:25 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll [2012/01/31 19:07:28 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll [2012/01/31 19:02:34 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2011/11/16 16:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini [2011/11/16 16:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini [2011/11/16 16:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini [2011/11/16 16:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini [2011/11/16 16:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini [2011/11/16 16:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini [2011/11/16 16:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini [2011/11/16 16:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini [2011/11/16 15:25:01 | 002,291,324 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll [2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll ========== LOP Check ========== [2012/05/10 23:57:04 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\Dropbox [2012/04/13 22:55:17 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\Leadertech [2012/05/18 12:49:38 | 000,000,000 | ---D | M] -- 
C:\Users\yuantaoli\AppData\Roaming\LolClient [2012/05/25 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\LolClient2 [2012/05/12 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\ooVoo Details [2012/05/07 16:49:49 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job [2009/07/14 01:08:49 | 000,012,930 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT [2012/06/19 18:04:40 | 000,000,422 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 6/19/2012 8:50:19 PM - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\alex\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.91 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 62.21% Memory free 11.81 Gb Paging File | 9.10 Gb Available in Paging File | 76.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.01 Gb Total Space | 357.60 Gb Free Space | 79.29% Space Free | Partition Type: NTFS Computer Name: HOMESERVER | User Name: yuantaoli | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1EDD092A-B2AC-4CA4-AD9A-B5C551D4E256}" = lport=57044 | protocol=6 | dir=in | name=pando media booster | "{3C346DE0-5F39-492D-875A-02EFEFAB1E04}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{647F61C1-BD51-4328-B496-01DB7CC204D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{89EA3FCA-040A-4FD3-B3FA-A5422E021A68}" = lport=57044 | protocol=6 | dir=in | name=pando media booster | "{CE4B5B3B-2CE2-42EA-AAE7-6DA8155E80BB}" = lport=57044 | protocol=17 | dir=in | name=pando media booster | 
"{D0D4CD9A-1A90-4E7C-B80E-773920D5A227}" = lport=57044 | protocol=17 | dir=in | name=pando media booster | "{D28ADBA5-F423-40C0-8CE1-A6BFFBFAC6CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03DCD9AD-1EFD-416A-9162-45811EC2C1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{0A02483D-EE21-4D34-A539-D2C29045E149}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{12653244-317A-4B8C-80E8-9B1B246F62E0}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{14A81F58-4A2B-4D50-A1F7-D19EEC628AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{1DAED06C-D67A-4644-BFDB-4FD5327C0598}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{20A3AAAA-E4D4-4385-B7B1-6ABA083DDFBA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{2392A503-7129-452A-A081-911F890EFC60}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{2E237CFF-76A4-4ABA-ACAD-88D001B20565}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe | "{31619217-BDBC-4572-A71D-A520CF454D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{3A3161F4-23ED-4145-9232-079E0233DC0D}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe | "{4B2903F2-AF0A-4234-ACC8-1771AB85EFF8}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe | "{4BAB8250-75AB-40FB-8669-2E57682B8504}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{591C19BA-7B95-4B13-B01D-C51B28F0687B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{6CD49074-6A92-476B-BA69-EBC292B3A479}" = 
protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{7144C8E2-4057-44BC-95C9-88FED728D28E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7AEBB167-9306-4EE6-A1A9-5CDA815E9B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{804F7894-9243-4E24-8D22-54C0F5B7E199}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{8A3F1BAF-9510-401B-B01F-B09FD3719C8B}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe | "{915E5F8E-B18C-459F-9F60-05311467EAA3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | "{B3C6CD17-3F0D-4722-AF2E-AF44856B20B5}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "{B74F2D77-30A1-41DC-90AE-086BBB1AA96B}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{BCCB16CE-07E9-4B73-ADA9-DF0734F74AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | "{BD5A373B-71B1-4393-97D9-1CEE3264B622}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe | "{E1670D38-BE75-4829-8153-4372905CD06C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{E1F1EAF1-93F6-4A83-8772-37496A03FC0C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | "{E5011B55-D104-40A6-B833-EEAEA15FA834}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{F9EDF161-3B0E-488E-9234-FD9AC6D98938}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{03501815-C6CA-4D6F-A56A-973BB5E35D37}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "TCP Query User{78C76519-18D9-4B36-AC77-453AE19817E2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "TCP Query 
User{C583ABEC-69F1-4D86-9FFF-0180EA037A9A}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{20778B9C-8ABA-4505-8F39-FEF1EBDB4C15}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe | "UDP Query User{38E794EF-D6D3-4E36-A5C7-514D4210A4FF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe | "UDP Query User{4D2EA545-969F-47FD-B1F1-9CB09CFB3C0F}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64) "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) "{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{1330309E-64D3-43F4-AA18-BC856182B5DB}" = SQL Server 2008 R2 BI Development Studio "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64) "{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files "{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services "{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit) 
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display "{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel® PROSet/Wireless WiFi Software "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component "{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools "{312E8540-0799-45D5-A02E-DFB8FCA93CCA}" = SQL Server 2008 R2 BI Development Studio "{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client "{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files "{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 Analysis Services "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune "{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio "{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 Integration Services "{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English) "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology "{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync 
Framework Runtime v1.0 SP1 (x64) "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64 "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared "{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 Integration Services "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files "{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0 "{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) 
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU "{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1 "{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64) "{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 Analysis Services "{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Dell Support Center" = Dell Support Center "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1 "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Microsoft Security Client" = Microsoft Security Essentials "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit) "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit) "Microsoft Team Foundation Server 2010 Object Model - 
ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) "ProInst" = Intel PROSet Wireless "WinRAR archiver" = WinRAR 4.20 beta 1 (64-bit) "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK "{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1 "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86 "{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3612B0B9-F731-4B94-9356-E224AC552801}" = Dell Digital Delivery 
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1 "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi "{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4 "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2010 "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-2052-0000-7760-000000000005}" = Adobe Acrobat X Pro - ChineseS "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host 
Driver "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU "{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework "{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1 "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics 
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Advanced Audio FX Engine" = Advanced Audio FX Engine "BandiMPEG1" = Bandisoft MPEG-1 Decoder "Dell Webcam Central" = Dell Webcam Central "ERUNT_is1" = ERUNT 1.1j "InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1 "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1 "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010 "ProInst" = Intel PROSet Wireless "Vindictus" = Vindictus "WinLiveSuite" = Windows Live Essentials "ZinioReader4" = Zinio Reader 4 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1 Description = (8360) Asapi: (17:03:38:6630)(8360) PCDExceptionTranslator - Fatal -- 206 Thread id: 11016 exception code: 3221356545 Structured Exception: Unknown Structed Exception Stack Trace: stack trace functionality is not implemented for 64 bit.(end stack trace) Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1 Description = (8360) Asapi: (17:03:38:6630)(8360) PCDExceptionTranslator - Fatal -- 83 writeDumpFunc() minidump path: C:/ProgramData/PCDr/5803//logs/Pid_8360_11016_5.dmp Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1 Description = (8360) Asapi: (17:03:38:9130)(8360) 
PCDExceptionTranslator - Fatal -- 206 Thread id: 11016 exception code: 3221356545 Structured Exception: Unknown Structed Exception Stack Trace: stack trace functionality is not implemented for 64 bit.(end stack trace) Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1 Description = (8360) Asapi: (17:03:38:9130)(8360) PCDExceptionTranslator - Fatal -- 83 writeDumpFunc() minidump path: C:/ProgramData/PCDr/5803//logs/Pid_8360_11016_6.dmp Error - 5/5/2012 10:43:43 AM | Computer Name = HomeServer | Source = Application Hang | ID = 1002 Description = The program CivilizationV_DX11.exe version 1.0.1.348 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 440c Start Time: 01cd2acd37ee0f6b Termination Time: 10 Application Path: E:\Civilization V\CivilizationV_DX11.exe Report Id: 9f04c2df-96c0-11e1-b77b-4ceb4204a4b0 Error - 5/7/2012 10:09:59 AM | Computer Name = HomeServer | Source = Application Error | ID = 1000 Description = Faulting application name: DragonAge2.exe, version: 1.0.5174.0, time stamp: 0x4d4b03e5 Faulting module name: PhysXCore.dll, version: 2.8.4.4, time stamp: 0x4cf3f39e Exception code: 0xc0000006 Fault offset: 0x0010a550 Faulting process id: 0x2f68 Faulting application start time: 0x01cd2c5af0b799ee Faulting application path: E:\Dragon Age 2\bin_ship\DragonAge2.exe Faulting module path: E:\Dragon Age 2\bin_ship\PhysXCore.dll Report Id: 541153fa-984e-11e1-b77b-4ceb4204a4b0 Error - 5/7/2012 10:09:59 AM | Computer Name = HomeServer | Source = Application Error | ID = 1005 Description = Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Dragon Age II because of this error. 
Program: Dragon Age II File: The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C000026E Disk type: 0 Error - 5/9/2012 5:13:05 PM | Computer Name = HomeServer | Source = Windows Search Service | ID = 3007 Description = Error - 5/9/2012 7:34:06 PM | Computer Name = HomeServer | Source = Application Error | ID = 1000 Description = Faulting application name: STacSV64.exe, version: 1.0.6324.0, time stamp: 0x4d3e867e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc000000d Fault offset: 0x00000000000737e2 Faulting process id: 0x2d0 Faulting application start time: 0x01cd266e09e8a664 Faulting application path: C:\Program Files\IDT\WDM\STacSV64.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll Report Id: 77606d48-9a2f-11e1-b77b-4ceb4204a4b0 Error - 5/10/2012 8:55:37 PM | Computer Name = HomeServer | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 4/13/2012 11:15:43 PM | Computer Name = HomeServer | Source = DataSafe | ID = 17 Description = The process was interrupted before 
completion. Error - 4/13/2012 11:15:43 PM | Computer Name = HomeServer | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 5/18/2012 9:29:54 AM | Computer Name = HomeServer | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR6. Error - 5/18/2012 9:29:54 AM | Computer Name = HomeServer | Source = Disk | ID = 262155 Description = The driver detected a controller error on \Device\Harddisk1\DR6. Error - 5/23/2012 4:41:54 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the SQL Server Integration Services 10.0 service to connect. Error - 5/23/2012 4:41:54 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7000 Description = The SQL Server Integration Services 10.0 service failed to start due to the following error: %%1053 Error - 5/23/2012 4:42:57 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7009 Description = A timeout was reached (30000 milliseconds) while waiting for the SQL Server Reporting Services (MSSQLSERVER) service to connect. Error - 5/23/2012 4:42:57 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7000 Description = The SQL Server Reporting Services (MSSQLSERVER) service failed to start due to the following error: %%1053 Error - 5/25/2012 10:44:35 AM | Computer Name = HomeServer | Source = DCOM | ID = 10010 Description = Error - 5/31/2012 3:11:09 PM | Computer Name = HomeServer | Source = DCOM | ID = 10010 Description = Error - 6/5/2012 12:55:41 PM | Computer Name = HomeServer | Source = Tcpip | ID = 4199 Description = The system detected an address conflict for IP address 192.168.0.200 with the system having network hardware address 00-26-22-3A-B9-28. Network operations on this system may be disrupted as a result. 
Error - 6/8/2012 4:44:42 PM | Computer Name = HomeServer | Source = DCOM | ID = 10010 Description = < End of report > Results of screen317's Security Check version 0.99.24 Windows 7 x64 (UAC is enabled) Internet Explorer 9 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: JavaFX 2.1.0 Java™ 7 Update 4 Out of date Java installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe ``````````End of Log````````````
  4. Here are the logs:

     aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
     Run date: 2012-06-18 22:16:44
     -----------------------------
     22:16:44.876 OS Version: Windows x64 6.1.7601 Service Pack 1
     22:16:44.876 Number of processors: 8 586 0x2A07
     22:16:44.876 ComputerName: HOMESERVER UserName: yuantaoli
     22:16:45.454 Initialize success
     22:16:59.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
     22:16:59.651 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
     22:16:59.685 Disk 0 MBR read successfully
     22:16:59.687 Disk 0 MBR scan
     22:16:59.688 Disk 0 Windows 7 default MBR code
     22:16:59.692 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
     22:16:59.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
     22:16:59.716 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
     22:16:59.724 Disk 0 scanning C:\windows\system32\drivers
     22:17:04.901 Service scanning
     22:17:23.376 Modules scanning
     22:17:23.381 Scan finished successfully
     22:17:42.669 Disk 0 MBR has been saved successfully to "C:\Users\yuantaoli\Desktop\MBR.dat"
     22:17:42.670 The log file has been saved successfully to "C:\Users\yuantaoli\Desktop\aswMBR.txt"
     ___________________________________________________

     22:18:30.0763 6860 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
     22:18:31.0048 6860 ============================================================
     22:18:31.0048 6860 Current date / time: 2012/06/18 22:18:31.0048
     22:18:31.0048 6860 SystemInfo:
     22:18:31.0048 6860
     22:18:31.0048 6860 OS Version: 6.1.7601 ServicePack: 1.0
     22:18:31.0048 6860 Product type: Workstation
     22:18:31.0048 6860 ComputerName: HOMESERVER
     22:18:31.0048 6860 UserName: yuantaoli
     22:18:31.0049 6860 Windows directory: C:\windows
     22:18:31.0049 6860 System windows directory: C:\windows
     22:18:31.0049 6860 Running under WOW64
     22:18:31.0049 6860 Processor architecture: Intel x64
     22:18:31.0049 6860 Number of processors: 8
     22:18:31.0049 6860 Page size: 0x1000
     22:18:31.0049 6860
C:\windows\system32\DRIVERS\hidusb.sys 22:19:04.0341 10248 HidUsb - ok 22:19:04.0377 10248 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll 22:19:04.0425 10248 hkmsvc - ok 22:19:04.0459 10248 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll 22:19:04.0507 10248 HomeGroupListener - ok 22:19:04.0552 10248 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll 22:19:04.0576 10248 HomeGroupProvider - ok 22:19:04.0602 10248 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 22:19:04.0610 10248 HpSAMD - ok 22:19:04.0648 10248 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 22:19:04.0682 10248 HTTP - ok 22:19:04.0695 10248 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 22:19:04.0703 10248 hwpolicy - ok 22:19:04.0736 10248 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys 22:19:04.0744 10248 i8042prt - ok 22:19:04.0789 10248 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys 22:19:04.0801 10248 iaStor - ok 22:19:04.0919 10248 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 22:19:04.0925 10248 IAStorDataMgrSvc - ok 22:19:04.0965 10248 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 22:19:04.0979 10248 iaStorV - ok 22:19:05.0021 10248 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\windows\system32\DRIVERS\iBtFltCoex.sys 22:19:05.0045 10248 iBtFltCoex - ok 22:19:05.0166 10248 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:19:05.0182 10248 idsvc - ok 22:19:05.0453 10248 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys 22:19:05.0693 10248 igfx - ok 22:19:05.0816 10248 iirsp 
(5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys 22:19:05.0824 10248 iirsp - ok 22:19:05.0861 10248 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll 22:19:05.0912 10248 IKEEXT - ok 22:19:05.0966 10248 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys 22:19:05.0973 10248 intaud_WaveExtensible - ok 22:19:06.0028 10248 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys 22:19:06.0056 10248 IntcDAud - ok 22:19:06.0093 10248 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 22:19:06.0100 10248 intelide - ok 22:19:06.0149 10248 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 22:19:06.0169 10248 intelppm - ok 22:19:06.0207 10248 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll 22:19:06.0246 10248 IPBusEnum - ok 22:19:06.0250 10248 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 22:19:06.0289 10248 IpFilterDriver - ok 22:19:06.0317 10248 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll 22:19:06.0372 10248 iphlpsvc - ok 22:19:06.0378 10248 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 22:19:06.0405 10248 IPMIDRV - ok 22:19:06.0441 10248 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 22:19:06.0482 10248 IPNAT - ok 22:19:06.0512 10248 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 22:19:06.0524 10248 IRENUM - ok 22:19:06.0542 10248 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 22:19:06.0549 10248 isapnp - ok 22:19:06.0575 10248 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 22:19:06.0586 10248 iScsiPrt - ok 22:19:06.0635 10248 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys 
22:19:06.0641 10248 iwdbus - ok 22:19:06.0647 10248 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 22:19:06.0655 10248 kbdclass - ok 22:19:06.0680 10248 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys 22:19:06.0702 10248 kbdhid - ok 22:19:06.0744 10248 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 22:19:06.0752 10248 KeyIso - ok 22:19:06.0768 10248 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 22:19:06.0777 10248 KSecDD - ok 22:19:06.0792 10248 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 22:19:06.0802 10248 KSecPkg - ok 22:19:06.0826 10248 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 22:19:06.0873 10248 ksthunk - ok 22:19:06.0909 10248 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 22:19:06.0950 10248 KtmRm - ok 22:19:06.0995 10248 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll 22:19:07.0041 10248 LanmanServer - ok 22:19:07.0076 10248 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 22:19:07.0126 10248 LanmanWorkstation - ok 22:19:07.0170 10248 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 22:19:07.0214 10248 lltdio - ok 22:19:07.0255 10248 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 22:19:07.0303 10248 lltdsvc - ok 22:19:07.0320 10248 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 22:19:07.0346 10248 lmhosts - ok 22:19:07.0451 10248 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 22:19:07.0460 10248 LMS - ok 22:19:07.0499 10248 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys 22:19:07.0508 10248 LSI_FC - ok 22:19:07.0547 10248 LSI_SAS (1047184a9fdc8bdbff857175875ee810) 
C:\windows\system32\drivers\lsi_sas.sys 22:19:07.0556 10248 LSI_SAS - ok 22:19:07.0560 10248 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys 22:19:07.0568 10248 LSI_SAS2 - ok 22:19:07.0573 10248 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys 22:19:07.0582 10248 LSI_SCSI - ok 22:19:07.0599 10248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 22:19:07.0645 10248 luafv - ok 22:19:07.0677 10248 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll 22:19:07.0705 10248 Mcx2Svc - ok 22:19:07.0708 10248 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys 22:19:07.0716 10248 megasas - ok 22:19:07.0735 10248 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys 22:19:07.0746 10248 MegaSR - ok 22:19:07.0797 10248 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys 22:19:07.0803 10248 MEIx64 - ok 22:19:07.0893 10248 Microsoft SharePoint Workspace Audit Service - ok 22:19:07.0918 10248 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 22:19:07.0965 10248 MMCSS - ok 22:19:07.0986 10248 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 22:19:08.0035 10248 Modem - ok 22:19:08.0090 10248 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 22:19:08.0121 10248 monitor - ok 22:19:08.0180 10248 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 22:19:08.0188 10248 mouclass - ok 22:19:08.0229 10248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 22:19:08.0255 10248 mouhid - ok 22:19:08.0311 10248 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 22:19:08.0319 10248 mountmgr - ok 22:19:08.0372 10248 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys 22:19:08.0383 
10248 MpFilter - ok 22:19:08.0419 10248 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 22:19:08.0429 10248 mpio - ok 22:19:08.0444 10248 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 22:19:08.0470 10248 mpsdrv - ok 22:19:08.0510 10248 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 22:19:08.0564 10248 MpsSvc - ok 22:19:08.0588 10248 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 22:19:08.0615 10248 MRxDAV - ok 22:19:08.0646 10248 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 22:19:08.0667 10248 mrxsmb - ok 22:19:08.0675 10248 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 22:19:08.0686 10248 mrxsmb10 - ok 22:19:08.0691 10248 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 22:19:08.0700 10248 mrxsmb20 - ok 22:19:08.0710 10248 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 22:19:08.0718 10248 msahci - ok 22:19:08.0731 10248 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 22:19:08.0741 10248 msdsm - ok 22:19:08.0766 10248 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 22:19:08.0794 10248 MSDTC - ok 22:19:08.0924 10248 MsDtsServer100 (7d0ac2859eeaccc5bd038b8cddcaff62) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe 22:19:08.0932 10248 MsDtsServer100 - ok 22:19:08.0951 10248 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 22:19:08.0977 10248 Msfs - ok 22:19:08.0992 10248 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 22:19:09.0032 10248 mshidkmdf - ok 22:19:09.0047 10248 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 22:19:09.0055 10248 msisadrv - ok 22:19:09.0114 10248 MSiSCSI (808e98ff49b155c522e6400953177b08) 
C:\windows\system32\iscsiexe.dll 22:19:09.0142 10248 MSiSCSI - ok 22:19:09.0145 10248 msiserver - ok 22:19:09.0189 10248 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 22:19:09.0233 10248 MSKSSRV - ok 22:19:09.0332 10248 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe 22:19:09.0339 10248 MsMpSvc - ok 22:19:09.0353 10248 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 22:19:09.0394 10248 MSPCLOCK - ok 22:19:09.0408 10248 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 22:19:09.0433 10248 MSPQM - ok 22:19:09.0453 10248 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 22:19:09.0466 10248 MsRPC - ok 22:19:09.0506 10248 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys 22:19:09.0514 10248 mssmbios - ok 22:19:09.0557 10248 MSSQLSERVER - ok 22:19:09.0629 10248 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 22:19:09.0635 10248 MSSQLServerADHelper100 - ok 22:19:09.0661 10248 MSSQLServerOLAPService - ok 22:19:09.0696 10248 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 22:19:09.0746 10248 MSTEE - ok 22:19:09.0764 10248 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys 22:19:09.0785 10248 MTConfig - ok 22:19:09.0809 10248 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 22:19:09.0817 10248 Mup - ok 22:19:09.0903 10248 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 22:19:09.0913 10248 MyWiFiDHCPDNS - ok 22:19:09.0953 10248 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 22:19:10.0004 10248 napagent - ok 22:19:10.0044 10248 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 22:19:10.0078 
10248 NativeWifiP - ok 22:19:10.0125 10248 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys 22:19:10.0147 10248 NDIS - ok 22:19:10.0192 10248 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 22:19:10.0218 10248 NdisCap - ok 22:19:10.0277 10248 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 22:19:10.0303 10248 NdisTapi - ok 22:19:10.0332 10248 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 22:19:10.0368 10248 Ndisuio - ok 22:19:10.0405 10248 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 22:19:10.0448 10248 NdisWan - ok 22:19:10.0469 10248 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 22:19:10.0495 10248 NDProxy - ok 22:19:10.0525 10248 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 22:19:10.0566 10248 NetBIOS - ok 22:19:10.0587 10248 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 22:19:10.0636 10248 NetBT - ok 22:19:10.0682 10248 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 22:19:10.0690 10248 Netlogon - ok 22:19:10.0753 10248 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 22:19:10.0800 10248 Netman - ok 22:19:10.0907 10248 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:19:10.0914 10248 NetMsmqActivator - ok 22:19:10.0937 10248 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:19:10.0944 10248 NetPipeActivator - ok 22:19:10.0986 10248 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 22:19:11.0034 10248 netprofm - ok 22:19:11.0036 10248 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:19:11.0043 10248 
NetTcpActivator - ok 22:19:11.0045 10248 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 22:19:11.0052 10248 NetTcpPortSharing - ok 22:19:11.0280 10248 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\windows\system32\DRIVERS\NETwNs64.sys 22:19:11.0459 10248 NETwNs64 - ok 22:19:11.0586 10248 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys 22:19:11.0594 10248 nfrd960 - ok 22:19:11.0651 10248 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys 22:19:11.0658 10248 NisDrv - ok 22:19:11.0731 10248 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe 22:19:11.0742 10248 NisSrv - ok 22:19:11.0786 10248 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 22:19:11.0836 10248 NlaSvc - ok 22:19:11.0983 10248 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe 22:19:12.0021 10248 NOBU - ok 22:19:12.0115 10248 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 22:19:12.0142 10248 Npfs - ok 22:19:12.0169 10248 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 22:19:12.0215 10248 nsi - ok 22:19:12.0233 10248 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 22:19:12.0259 10248 nsiproxy - ok 22:19:12.0307 10248 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 22:19:12.0340 10248 Ntfs - ok 22:19:12.0440 10248 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 22:19:12.0486 10248 Null - ok 22:19:12.0518 10248 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 22:19:12.0527 10248 nvraid - ok 22:19:12.0554 10248 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 22:19:12.0563 10248 nvstor - ok 22:19:12.0580 10248 nv_agp 
(270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 22:19:12.0589 10248 nv_agp - ok 22:19:12.0593 10248 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 22:19:12.0610 10248 ohci1394 - ok 22:19:12.0692 10248 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 22:19:12.0699 10248 ose - ok 22:19:12.0860 10248 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 22:19:12.0925 10248 osppsvc - ok 22:19:13.0045 10248 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 22:19:13.0089 10248 p2pimsvc - ok 22:19:13.0112 10248 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 22:19:13.0127 10248 p2psvc - ok 22:19:13.0174 10248 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys 22:19:13.0183 10248 Parport - ok 22:19:13.0216 10248 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys 22:19:13.0225 10248 partmgr - ok 22:19:13.0255 10248 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 22:19:13.0283 10248 PcaSvc - ok 22:19:13.0318 10248 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 22:19:13.0328 10248 pci - ok 22:19:13.0367 10248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 22:19:13.0375 10248 pciide - ok 22:19:13.0384 10248 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys 22:19:13.0395 10248 pcmcia - ok 22:19:13.0410 10248 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 22:19:13.0418 10248 pcw - ok 22:19:13.0451 10248 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 22:19:13.0497 10248 PEAUTH - ok 22:19:13.0595 10248 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll 
22:19:13.0655 10248 PeerDistSvc - ok 22:19:13.0713 10248 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 22:19:13.0736 10248 PerfHost - ok 22:19:13.0837 10248 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 22:19:13.0894 10248 pla - ok 22:19:13.0939 10248 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 22:19:13.0977 10248 PlugPlay - ok 22:19:14.0000 10248 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 22:19:14.0029 10248 PNRPAutoReg - ok 22:19:14.0066 10248 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 22:19:14.0077 10248 PNRPsvc - ok 22:19:14.0124 10248 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys 22:19:14.0130 10248 Point64 - ok 22:19:14.0168 10248 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 22:19:14.0213 10248 PolicyAgent - ok 22:19:14.0243 10248 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll 22:19:14.0289 10248 Power - ok 22:19:14.0350 10248 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 22:19:14.0389 10248 PptpMiniport - ok 22:19:14.0405 10248 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys 22:19:14.0434 10248 Processor - ok 22:19:14.0482 10248 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll 22:19:14.0531 10248 ProfSvc - ok 22:19:14.0553 10248 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 22:19:14.0561 10248 ProtectedStorage - ok 22:19:14.0601 10248 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 22:19:14.0645 10248 Psched - ok 22:19:14.0714 10248 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys 22:19:14.0745 10248 ql2300 - ok 22:19:14.0833 10248 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys 
22:19:14.0842 10248 ql40xx - ok 22:19:14.0865 10248 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 22:19:14.0882 10248 QWAVE - ok 22:19:14.0895 10248 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 22:19:14.0923 10248 QWAVEdrv - ok 22:19:14.0943 10248 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 22:19:14.0989 10248 RasAcd - ok 22:19:15.0031 10248 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 22:19:15.0058 10248 RasAgileVpn - ok 22:19:15.0083 10248 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 22:19:15.0126 10248 RasAuto - ok 22:19:15.0161 10248 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 22:19:15.0208 10248 Rasl2tp - ok 22:19:15.0235 10248 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 22:19:15.0266 10248 RasMan - ok 22:19:15.0281 10248 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 22:19:15.0328 10248 RasPppoe - ok 22:19:15.0369 10248 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 22:19:15.0410 10248 RasSstp - ok 22:19:15.0431 10248 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 22:19:15.0474 10248 rdbss - ok 22:19:15.0488 10248 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 22:19:15.0515 10248 rdpbus - ok 22:19:15.0531 10248 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 22:19:15.0574 10248 RDPCDD - ok 22:19:15.0621 10248 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys 22:19:15.0647 10248 RDPDR - ok 22:19:15.0687 10248 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 22:19:15.0729 10248 RDPENCDD - ok 22:19:15.0754 10248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) 
C:\windows\system32\drivers\rdprefmp.sys 22:19:15.0780 10248 RDPREFMP - ok 22:19:15.0841 10248 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\windows\system32\drivers\rdpvideominiport.sys 22:19:15.0885 10248 RdpVideoMiniport - ok 22:19:15.0917 10248 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys 22:19:15.0961 10248 RDPWD - ok 22:19:16.0000 10248 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 22:19:16.0010 10248 rdyboost - ok 22:19:16.0130 10248 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 22:19:16.0146 10248 RegSrvc - ok 22:19:16.0175 10248 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 22:19:16.0217 10248 RemoteAccess - ok 22:19:16.0256 10248 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 22:19:16.0285 10248 RemoteRegistry - ok 22:19:16.0425 10248 ReportServer (499556b74a1022906de888fab0389bfa) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe 22:19:16.0457 10248 ReportServer - ok 22:19:16.0577 10248 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys 22:19:16.0601 10248 RFCOMM - ok 22:19:16.0629 10248 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 22:19:16.0668 10248 RpcEptMapper - ok 22:19:16.0698 10248 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 22:19:16.0708 10248 RpcLocator - ok 22:19:16.0727 10248 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 22:19:16.0756 10248 RpcSs - ok 22:19:16.0818 10248 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\windows\system32\DRIVERS\RsFx0150.sys 22:19:16.0829 10248 RsFx0150 - ok 22:19:16.0876 10248 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 22:19:16.0903 10248 rspndr - ok 22:19:16.0969 10248 
RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys 22:19:16.0980 10248 RSUSBSTOR - ok 22:19:17.0012 10248 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys 22:19:17.0026 10248 RTL8167 - ok 22:19:17.0050 10248 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 22:19:17.0058 10248 SamSs - ok 22:19:17.0090 10248 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 22:19:17.0098 10248 sbp2port - ok 22:19:17.0119 10248 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 22:19:17.0167 10248 SCardSvr - ok 22:19:17.0190 10248 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 22:19:17.0235 10248 scfilter - ok 22:19:17.0275 10248 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 22:19:17.0330 10248 Schedule - ok 22:19:17.0370 10248 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 22:19:17.0395 10248 SCPolicySvc - ok 22:19:17.0425 10248 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 22:19:17.0465 10248 SDRSVC - ok 22:19:17.0536 10248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 22:19:17.0580 10248 secdrv - ok 22:19:17.0604 10248 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 22:19:17.0630 10248 seclogon - ok 22:19:17.0655 10248 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 22:19:17.0694 10248 SENS - ok 22:19:17.0731 10248 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 22:19:17.0786 10248 SensrSvc - ok 22:19:17.0836 10248 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys 22:19:17.0862 10248 Serenum - ok 22:19:17.0898 10248 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys 22:19:17.0931 10248 Serial - ok 22:19:17.0984 10248 sermouse 
22:19:28.0668 10248 Scan finished
22:19:28.0675 14112 Detected object count: 4
22:19:28.0675 14112 Actual detected object count: 4
22:20:13.0037 14112 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0037 14112 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:13.0037 14112 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0038 14112 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:13.0038 14112 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0038 14112 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:13.0039 14112 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0039 14112 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip

The GMER log was empty as it said that it did not find any system changes.
  5. Hi, I've already downloaded Malwarebytes Anti-Malware and although it detects the trojan and prompts me to restart, the trojan keeps recurring in groups of 3 instances. I have already uninstalled utorrent and posted the log of the quick scan below:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
alex :: HOMESERVER [limited]

6/17/2012 11:13:42 PM
mbam-log-2012-06-17 (23-13-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182014
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 1
C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> 11388 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows® Operating System (Backdoor.Messa) -> Data: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\alex\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 9
C:\$Recycle.Bin\S-1-5-21-3863715708-3900006494-3946961991-1009\$RNN7OX8.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\yuantaoli\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-11-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-12-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-13-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-14-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-15-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-16-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> Delete on reboot.

(end)

Thanks in advance!