Posts posted by Radiish
I believe that when I switch user accounts on my computer, the threat doesn't affect the other accounts? I malware scanned while on the other user accounts for my computer and no malicious threats came up. Am I safe to use these other accounts? I don't use this computer for any financial or important things, only gaming.
-
OTL logfile created on: 6/19/2012 8:50:19 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\alex\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.91 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 62.21% Memory free
11.81 Gb Paging File | 9.10 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 357.60 Gb Free Space | 79.29% Space Free | Partition Type: NTFS
Computer Name: HOMESERVER | User Name: yuantaoli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/06/18 23:07:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Downloads\OTL.exe
PRC - [2012/06/11 15:11:43 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/04/10 00:31:48 | 000,166,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/19 03:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/04/13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\alex\AppData\Roaming\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/18 03:32:59 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1cb5f5d54ef9b24b90a51b006181fe71\IAStorUtil.ni.dll
MOD - [2012/06/18 03:29:02 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/18 03:28:55 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\alex\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\alex\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\alex\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2012/05/10 21:26:16 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\367af7fc22650701edfa7e8ecadcb273\IAStorCommon.ni.dll
MOD - [2012/05/10 20:58:42 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 20:58:00 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/10 20:57:56 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/10 20:57:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/10 20:57:52 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/10 20:56:23 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/15 20:41:28 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®
SRV:64bit: - [2011/09/15 20:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/09/15 20:24:52 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®
SRV:64bit: - [2011/09/15 11:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®
SRV:64bit: - [2010/11/11 16:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2010/11/11 16:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2010/11/11 15:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/04/27 11:27:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/10 00:31:48 | 000,166,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/18 04:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2011/09/15 11:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 11:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/02 17:16:19 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4:64bit: - HKLM..\RunOnce: [*Restore] C:\windows\SysNative\rstrui.exe (Microsoft Corporation) ??? <moderator highlight>
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E61C7727-9135-4FA6-A469-5E0F8D1A2667}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F10BFBDE-BDBA-4FB4-8492-A45048F6E38E}: DhcpNameServer = 192.168.0.141 12.127.16.67
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/06/18 22:21:48 | 000,000,000 | ---D | C] -- C:\ARK
[2012/06/18 22:12:09 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/06/18 22:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/06/18 22:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/06/18 03:00:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/06/18 03:00:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/06/18 03:00:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/06/18 03:00:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/06/18 03:00:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/06/18 03:00:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/06/18 03:00:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/06/18 03:00:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/06/18 03:00:43 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/06/18 03:00:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/06/18 03:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/06/18 03:00:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/06/18 03:00:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/06/18 01:30:59 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\jagexcache
[2012/06/18 01:30:12 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\Documents\EpicBot
[2012/06/17 23:14:22 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\Documents\Vindictus
[2012/06/17 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Roaming\Malwarebytes
[2012/06/17 22:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/17 22:53:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/06/17 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/17 22:17:34 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2012/06/17 22:17:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2012/06/17 22:16:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll
[2012/06/17 22:16:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll
[2012/06/17 22:16:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe
[2012/06/17 22:16:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/06/17 22:16:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/06/17 22:16:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/06/17 22:16:02 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll
[2012/06/17 22:15:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2012/06/17 20:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft
[2012/06/17 20:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
[2012/06/17 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesCampus
[2012/06/17 10:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012/06/14 03:38:21 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Local\Google
[2012/06/14 03:38:19 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Local\CRE
[2012/06/08 16:56:38 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/08 16:56:37 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/08 16:56:37 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/08 16:56:27 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/08 16:56:27 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/08 16:56:27 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/08 16:56:07 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/08 16:56:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2012/06/06 21:03:11 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Local\ElevatedDiagnostics
[2012/06/03 22:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/06/03 22:58:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll
[2012/06/03 22:58:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2012/06/03 22:58:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/06/03 22:58:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/06/03 22:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/25 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Roaming\LolClient2
========== Files - Modified Within 30 Days ==========
[2012/06/19 20:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/06/19 19:59:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863715708-3900006494-3946961991-1009UA.job
[2012/06/19 18:06:23 | 002,248,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/06/19 18:06:23 | 000,769,264 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/06/19 18:06:23 | 000,509,124 | ---- | M] () -- C:\windows\SysNative\prfh0404.dat
[2012/06/19 18:06:23 | 000,492,022 | ---- | M] () -- C:\windows\SysNative\prfh0804.dat
[2012/06/19 18:06:23 | 000,165,854 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/06/19 18:06:23 | 000,163,714 | ---- | M] () -- C:\windows\SysNative\prfc0804.dat
[2012/06/19 18:06:23 | 000,158,800 | ---- | M] () -- C:\windows\SysNative\prfc0404.dat
[2012/06/19 18:04:40 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012/06/19 18:04:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/06/18 22:17:42 | 000,000,512 | ---- | M] () -- C:\Users\yuantaoli\Desktop\MBR.dat
[2012/06/18 22:11:39 | 000,000,935 | ---- | M] () -- C:\Users\yuantaoli\Desktop\NTREGOPT.lnk
[2012/06/18 22:11:39 | 000,000,916 | ---- | M] () -- C:\Users\yuantaoli\Desktop\ERUNT.lnk
[2012/06/18 21:59:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863715708-3900006494-3946961991-1009Core.job
[2012/06/18 17:22:52 | 000,026,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 17:22:52 | 000,026,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/18 17:12:24 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/18 03:27:09 | 000,418,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/06/18 01:30:59 | 000,000,048 | ---- | M] () -- C:\Users\yuantaoli\jagex_cl_runescape_LIVE.dat
[2012/06/17 22:53:39 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/03 22:57:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2012/06/03 22:57:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
========== Files Created - No Company Name ==========
[2012/06/18 22:17:42 | 000,000,512 | ---- | C] () -- C:\Users\yuantaoli\Desktop\MBR.dat
[2012/06/18 22:11:39 | 000,000,935 | ---- | C] () -- C:\Users\yuantaoli\Desktop\NTREGOPT.lnk
[2012/06/18 22:11:39 | 000,000,916 | ---- | C] () -- C:\Users\yuantaoli\Desktop\ERUNT.lnk
[2012/06/18 01:30:59 | 000,000,048 | ---- | C] () -- C:\Users\yuantaoli\jagex_cl_runescape_LIVE.dat
[2012/06/17 22:53:39 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/31 20:33:27 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/01/31 20:33:27 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/01/31 20:33:26 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/01/31 20:33:26 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/01/31 20:33:25 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/01/31 19:07:28 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/01/31 19:02:34 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/16 16:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/11/16 16:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/11/16 16:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/11/16 16:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/11/16 16:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/11/16 16:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/11/16 16:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/11/16 16:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/11/16 15:25:01 | 002,291,324 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll
[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll
========== LOP Check ==========
[2012/05/10 23:57:04 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\Dropbox
[2012/04/13 22:55:17 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\Leadertech
[2012/05/18 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\LolClient
[2012/05/25 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\LolClient2
[2012/05/12 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\ooVoo Details
[2012/05/07 16:49:49 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2009/07/14 01:08:49 | 000,012,930 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/06/19 18:04:40 | 000,000,422 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 6/19/2012 8:50:19 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\alex\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.91 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 62.21% Memory free
11.81 Gb Paging File | 9.10 Gb Available in Paging File | 76.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 357.60 Gb Free Space | 79.29% Space Free | Partition Type: NTFS
Computer Name: HOMESERVER | User Name: yuantaoli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1EDD092A-B2AC-4CA4-AD9A-B5C551D4E256}" = lport=57044 | protocol=6 | dir=in | name=pando media booster |
"{3C346DE0-5F39-492D-875A-02EFEFAB1E04}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{647F61C1-BD51-4328-B496-01DB7CC204D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{89EA3FCA-040A-4FD3-B3FA-A5422E021A68}" = lport=57044 | protocol=6 | dir=in | name=pando media booster |
"{CE4B5B3B-2CE2-42EA-AAE7-6DA8155E80BB}" = lport=57044 | protocol=17 | dir=in | name=pando media booster |
"{D0D4CD9A-1A90-4E7C-B80E-773920D5A227}" = lport=57044 | protocol=17 | dir=in | name=pando media booster |
"{D28ADBA5-F423-40C0-8CE1-A6BFFBFAC6CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DCD9AD-1EFD-416A-9162-45811EC2C1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{0A02483D-EE21-4D34-A539-D2C29045E149}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{12653244-317A-4B8C-80E8-9B1B246F62E0}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{14A81F58-4A2B-4D50-A1F7-D19EEC628AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1DAED06C-D67A-4644-BFDB-4FD5327C0598}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{20A3AAAA-E4D4-4385-B7B1-6ABA083DDFBA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{2392A503-7129-452A-A081-911F890EFC60}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{2E237CFF-76A4-4ABA-ACAD-88D001B20565}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{31619217-BDBC-4572-A71D-A520CF454D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A3161F4-23ED-4145-9232-079E0233DC0D}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{4B2903F2-AF0A-4234-ACC8-1771AB85EFF8}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{4BAB8250-75AB-40FB-8669-2E57682B8504}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{591C19BA-7B95-4B13-B01D-C51B28F0687B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6CD49074-6A92-476B-BA69-EBC292B3A479}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{7144C8E2-4057-44BC-95C9-88FED728D28E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7AEBB167-9306-4EE6-A1A9-5CDA815E9B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{804F7894-9243-4E24-8D22-54C0F5B7E199}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{8A3F1BAF-9510-401B-B01F-B09FD3719C8B}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{915E5F8E-B18C-459F-9F60-05311467EAA3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{B3C6CD17-3F0D-4722-AF2E-AF44856B20B5}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"{B74F2D77-30A1-41DC-90AE-086BBB1AA96B}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{BCCB16CE-07E9-4B73-ADA9-DF0734F74AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BD5A373B-71B1-4393-97D9-1CEE3264B622}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{E1670D38-BE75-4829-8153-4372905CD06C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{E1F1EAF1-93F6-4A83-8772-37496A03FC0C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{E5011B55-D104-40A6-B833-EEAEA15FA834}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F9EDF161-3B0E-488E-9234-FD9AC6D98938}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{03501815-C6CA-4D6F-A56A-973BB5E35D37}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{78C76519-18D9-4B36-AC77-453AE19817E2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{C583ABEC-69F1-4D86-9FFF-0180EA037A9A}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{20778B9C-8ABA-4505-8F39-FEF1EBDB4C15}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"UDP Query User{38E794EF-D6D3-4E36-A5C7-514D4210A4FF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{4D2EA545-969F-47FD-B1F1-9CB09CFB3C0F}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1330309E-64D3-43F4-AA18-BC856182B5DB}" = SQL Server 2008 R2 BI Development Studio
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files
"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel® PROSet/Wireless WiFi Software
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools
"{312E8540-0799-45D5-A02E-DFB8FCA93CCA}" = SQL Server 2008 R2 BI Development Studio
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 Analysis Services
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio
"{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 Integration Services
"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared
"{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 Integration Services
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0
"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 Analysis Services
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"ProInst" = Intel PROSet Wireless
"WinRAR archiver" = WinRAR 4.20 beta 1 (64-bit)
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK
"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3612B0B9-F731-4B94-9356-E224AC552801}" = Dell Digital Delivery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi
"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-2052-0000-7760-000000000005}" = Adobe Acrobat X Pro - ChineseS
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Dell Webcam Central" = Dell Webcam Central
"ERUNT_is1" = ERUNT 1.1j
"InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1
Description = (8360) Asapi: (17:03:38:6630)(8360) PCDExceptionTranslator - Fatal
-- 206 Thread id: 11016 exception code: 3221356545 Structured Exception: Unknown
Structed Exception Stack Trace: stack trace functionality is not implemented for
64 bit.(end stack trace)
Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1
Description = (8360) Asapi: (17:03:38:6630)(8360) PCDExceptionTranslator - Fatal
-- 83 writeDumpFunc() minidump path: C:/ProgramData/PCDr/5803//logs/Pid_8360_11016_5.dmp
Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1
Description = (8360) Asapi: (17:03:38:9130)(8360) PCDExceptionTranslator - Fatal
-- 206 Thread id: 11016 exception code: 3221356545 Structured Exception: Unknown
Structed Exception Stack Trace: stack trace functionality is not implemented for
64 bit.(end stack trace)
Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1
Description = (8360) Asapi: (17:03:38:9130)(8360) PCDExceptionTranslator - Fatal
-- 83 writeDumpFunc() minidump path: C:/ProgramData/PCDr/5803//logs/Pid_8360_11016_6.dmp
Error - 5/5/2012 10:43:43 AM | Computer Name = HomeServer | Source = Application Hang | ID = 1002
Description = The program CivilizationV_DX11.exe version 1.0.1.348 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 440c Start
Time: 01cd2acd37ee0f6b Termination Time: 10 Application Path: E:\Civilization V\CivilizationV_DX11.exe
Report
Id: 9f04c2df-96c0-11e1-b77b-4ceb4204a4b0
Error - 5/7/2012 10:09:59 AM | Computer Name = HomeServer | Source = Application Error | ID = 1000
Description = Faulting application name: DragonAge2.exe, version: 1.0.5174.0, time
stamp: 0x4d4b03e5 Faulting module name: PhysXCore.dll, version: 2.8.4.4, time stamp:
0x4cf3f39e Exception code: 0xc0000006 Fault offset: 0x0010a550 Faulting process id:
0x2f68 Faulting application start time: 0x01cd2c5af0b799ee Faulting application path:
E:\Dragon Age 2\bin_ship\DragonAge2.exe Faulting module path: E:\Dragon Age 2\bin_ship\PhysXCore.dll
Report
Id: 541153fa-984e-11e1-b77b-4ceb4204a4b0
Error - 5/7/2012 10:09:59 AM | Computer Name = HomeServer | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Dragon Age II because of this error. Program: Dragon Age II File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: C000026E
Disk
type: 0
Error - 5/9/2012 5:13:05 PM | Computer Name = HomeServer | Source = Windows Search Service | ID = 3007
Description =
Error - 5/9/2012 7:34:06 PM | Computer Name = HomeServer | Source = Application Error | ID = 1000
Description = Faulting application name: STacSV64.exe, version: 1.0.6324.0, time
stamp: 0x4d3e867e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec4aa8e Exception code: 0xc000000d Fault offset: 0x00000000000737e2 Faulting
process id: 0x2d0 Faulting application start time: 0x01cd266e09e8a664 Faulting application
path: C:\Program Files\IDT\WDM\STacSV64.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
Id: 77606d48-9a2f-11e1-b77b-4ceb4204a4b0
Error - 5/10/2012 8:55:37 PM | Computer Name = HomeServer | Source = WinMgmt | ID = 10
Description =
[ Dell Events ]
Error - 4/13/2012 11:15:43 PM | Computer Name = HomeServer | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
Error - 4/13/2012 11:15:43 PM | Computer Name = HomeServer | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.
[ System Events ]
Error - 5/18/2012 9:29:54 AM | Computer Name = HomeServer | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.
Error - 5/18/2012 9:29:54 AM | Computer Name = HomeServer | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\DR6.
Error - 5/23/2012 4:41:54 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
Server Integration Services 10.0 service to connect.
Error - 5/23/2012 4:41:54 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7000
Description = The SQL Server Integration Services 10.0 service failed to start due
to the following error: %%1053
Error - 5/23/2012 4:42:57 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the SQL
Server Reporting Services (MSSQLSERVER) service to connect.
Error - 5/23/2012 4:42:57 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7000
Description = The SQL Server Reporting Services (MSSQLSERVER) service failed to
start due to the following error: %%1053
Error - 5/25/2012 10:44:35 AM | Computer Name = HomeServer | Source = DCOM | ID = 10010
Description =
Error - 5/31/2012 3:11:09 PM | Computer Name = HomeServer | Source = DCOM | ID = 10010
Description =
Error - 6/5/2012 12:55:41 PM | Computer Name = HomeServer | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.0.200
with the system having network hardware address 00-26-22-3A-B9-28. Network operations
on this system may be disrupted as a result.
Error - 6/8/2012 4:44:42 PM | Computer Name = HomeServer | Source = DCOM | ID = 10010
Description =
< End of report >
Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
JavaFX 2.1.0
Java™ 7 Update 4
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
-
Here are the logs:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-18 22:16:44
-----------------------------
22:16:44.876 OS Version: Windows x64 6.1.7601 Service Pack 1
22:16:44.876 Number of processors: 8 586 0x2A07
22:16:44.876 ComputerName: HOMESERVER UserName: yuantaoli
22:16:45.454 Initialize success
22:16:59.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:16:59.651 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3
22:16:59.685 Disk 0 MBR read successfully
22:16:59.687 Disk 0 MBR scan
22:16:59.688 Disk 0 Windows 7 default MBR code
22:16:59.692 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
22:16:59.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
22:16:59.716 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
22:16:59.724 Disk 0 scanning C:\windows\system32\drivers
22:17:04.901 Service scanning
22:17:23.376 Modules scanning
22:17:23.381 Scan finished successfully
22:17:42.669 Disk 0 MBR has been saved successfully to "C:\Users\yuantaoli\Desktop\MBR.dat"
22:17:42.670 The log file has been saved successfully to "C:\Users\yuantaoli\Desktop\aswMBR.txt"
___________________________________________________
22:18:30.0763 6860 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
22:18:31.0048 6860 ============================================================
22:18:31.0048 6860 Current date / time: 2012/06/18 22:18:31.0048
22:18:31.0048 6860 SystemInfo:
22:18:31.0048 6860
22:18:31.0048 6860 OS Version: 6.1.7601 ServicePack: 1.0
22:18:31.0048 6860 Product type: Workstation
22:18:31.0048 6860 ComputerName: HOMESERVER
22:18:31.0048 6860 UserName: yuantaoli
22:18:31.0049 6860 Windows directory: C:\windows
22:18:31.0049 6860 System windows directory: C:\windows
22:18:31.0049 6860 Running under WOW64
22:18:31.0049 6860 Processor architecture: Intel x64
22:18:31.0049 6860 Number of processors: 8
22:18:31.0049 6860 Page size: 0x1000
22:18:31.0049 6860 Boot type: Normal boot
22:18:31.0049 6860 ============================================================
22:18:31.0404 6860 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:18:31.0408 6860 ============================================================
22:18:31.0408 6860 \Device\Harddisk0\DR0:
22:18:31.0410 6860 MBR partitions:
22:18:31.0410 6860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
22:18:31.0410 6860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
22:18:31.0410 6860 ============================================================
22:18:31.0521 6860 C: <-> \Device\Harddisk0\DR0\Partition1
22:18:31.0521 6860 ============================================================
22:18:31.0521 6860 Initialize success
22:18:31.0521 6860 ============================================================
22:18:54.0326 10248 ============================================================
22:18:54.0326 10248 Scan started
22:18:54.0326 10248 Mode: Manual; SigCheck; TDLFS;
22:18:54.0326 10248 ============================================================
22:18:58.0002 10248 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
22:18:58.0042 10248 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
22:18:58.0042 10248 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
22:18:58.0083 10248 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
22:18:58.0124 10248 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
22:18:58.0124 10248 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
22:18:58.0163 10248 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
22:18:58.0205 10248 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
22:18:58.0205 10248 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
22:19:01.0073 10248 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
22:19:01.0098 10248 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
22:19:01.0098 10248 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
22:19:01.0127 10248 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:19:01.0167 10248 DfsC - ok
22:19:01.0213 10248 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:19:01.0259 10248 Dhcp - ok
22:19:01.0280 10248 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:19:01.0320 10248 discache - ok
22:19:01.0361 10248 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:19:01.0368 10248 Disk - ok
22:19:01.0402 10248 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:19:01.0448 10248 Dnscache - ok
22:19:01.0456 10248 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:19:01.0498 10248 dot3svc - ok
22:19:01.0504 10248 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:19:01.0537 10248 DPS - ok
22:19:01.0626 10248 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:19:01.0653 10248 drmkaud - ok
22:19:01.0702 10248 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
22:19:01.0724 10248 DXGKrnl - ok
22:19:01.0761 10248 EagleX64 - ok
22:19:01.0801 10248 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:19:01.0844 10248 EapHost - ok
22:19:01.0943 10248 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:19:02.0001 10248 ebdrv - ok
22:19:02.0085 10248 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:19:02.0130 10248 EFS - ok
22:19:02.0199 10248 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:19:02.0250 10248 ehRecvr - ok
22:19:02.0317 10248 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:19:02.0347 10248 ehSched - ok
22:19:02.0441 10248 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:19:02.0457 10248 elxstor - ok
22:19:02.0461 10248 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:19:02.0491 10248 ErrDev - ok
22:19:02.0532 10248 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:19:02.0580 10248 EventSystem - ok
22:19:02.0728 10248 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:19:02.0751 10248 EvtEng - ok
22:19:02.0874 10248 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:19:02.0902 10248 exfat - ok
22:19:02.0918 10248 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:19:02.0957 10248 fastfat - ok
22:19:03.0020 10248 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:19:03.0073 10248 Fax - ok
22:19:03.0120 10248 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:19:03.0150 10248 fdc - ok
22:19:03.0181 10248 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:19:03.0227 10248 fdPHost - ok
22:19:03.0245 10248 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:19:03.0288 10248 FDResPub - ok
22:19:03.0316 10248 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:19:03.0324 10248 FileInfo - ok
22:19:03.0334 10248 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:19:03.0379 10248 Filetrace - ok
22:19:03.0412 10248 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:19:03.0420 10248 flpydisk - ok
22:19:03.0429 10248 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:19:03.0440 10248 FltMgr - ok
22:19:03.0484 10248 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:19:03.0540 10248 FontCache - ok
22:19:03.0634 10248 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:19:03.0640 10248 FontCache3.0.0.0 - ok
22:19:03.0701 10248 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:19:03.0709 10248 FsDepends - ok
22:19:03.0730 10248 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:19:03.0737 10248 Fs_Rec - ok
22:19:03.0777 10248 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:19:03.0790 10248 fvevol - ok
22:19:03.0826 10248 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:19:03.0834 10248 gagp30kx - ok
22:19:03.0876 10248 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:19:03.0911 10248 gpsvc - ok
22:19:03.0963 10248 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
22:19:04.0003 10248 hcw85cir - ok
22:19:04.0042 10248 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
22:19:04.0074 10248 HdAudAddService - ok
22:19:04.0113 10248 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
22:19:04.0145 10248 HDAudBus - ok
22:19:04.0148 10248 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
22:19:04.0159 10248 HidBatt - ok
22:19:04.0164 10248 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
22:19:04.0178 10248 HidBth - ok
22:19:04.0181 10248 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
22:19:04.0202 10248 HidIr - ok
22:19:04.0236 10248 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
22:19:04.0276 10248 hidserv - ok
22:19:04.0332 10248 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
22:19:04.0341 10248 HidUsb - ok
22:19:04.0377 10248 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
22:19:04.0425 10248 hkmsvc - ok
22:19:04.0459 10248 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
22:19:04.0507 10248 HomeGroupListener - ok
22:19:04.0552 10248 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
22:19:04.0576 10248 HomeGroupProvider - ok
22:19:04.0602 10248 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
22:19:04.0610 10248 HpSAMD - ok
22:19:04.0648 10248 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
22:19:04.0682 10248 HTTP - ok
22:19:04.0695 10248 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
22:19:04.0703 10248 hwpolicy - ok
22:19:04.0736 10248 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
22:19:04.0744 10248 i8042prt - ok
22:19:04.0789 10248 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
22:19:04.0801 10248 iaStor - ok
22:19:04.0919 10248 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
22:19:04.0925 10248 IAStorDataMgrSvc - ok
22:19:04.0965 10248 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
22:19:04.0979 10248 iaStorV - ok
22:19:05.0021 10248 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\windows\system32\DRIVERS\iBtFltCoex.sys
22:19:05.0045 10248 iBtFltCoex - ok
22:19:05.0166 10248 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:19:05.0182 10248 idsvc - ok
22:19:05.0453 10248 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
22:19:05.0693 10248 igfx - ok
22:19:05.0816 10248 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
22:19:05.0824 10248 iirsp - ok
22:19:05.0861 10248 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
22:19:05.0912 10248 IKEEXT - ok
22:19:05.0966 10248 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
22:19:05.0973 10248 intaud_WaveExtensible - ok
22:19:06.0028 10248 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
22:19:06.0056 10248 IntcDAud - ok
22:19:06.0093 10248 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
22:19:06.0100 10248 intelide - ok
22:19:06.0149 10248 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
22:19:06.0169 10248 intelppm - ok
22:19:06.0207 10248 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
22:19:06.0246 10248 IPBusEnum - ok
22:19:06.0250 10248 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:19:06.0289 10248 IpFilterDriver - ok
22:19:06.0317 10248 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
22:19:06.0372 10248 iphlpsvc - ok
22:19:06.0378 10248 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
22:19:06.0405 10248 IPMIDRV - ok
22:19:06.0441 10248 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
22:19:06.0482 10248 IPNAT - ok
22:19:06.0512 10248 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
22:19:06.0524 10248 IRENUM - ok
22:19:06.0542 10248 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
22:19:06.0549 10248 isapnp - ok
22:19:06.0575 10248 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
22:19:06.0586 10248 iScsiPrt - ok
22:19:06.0635 10248 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
22:19:06.0641 10248 iwdbus - ok
22:19:06.0647 10248 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
22:19:06.0655 10248 kbdclass - ok
22:19:06.0680 10248 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
22:19:06.0702 10248 kbdhid - ok
22:19:06.0744 10248 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:19:06.0752 10248 KeyIso - ok
22:19:06.0768 10248 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
22:19:06.0777 10248 KSecDD - ok
22:19:06.0792 10248 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
22:19:06.0802 10248 KSecPkg - ok
22:19:06.0826 10248 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
22:19:06.0873 10248 ksthunk - ok
22:19:06.0909 10248 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
22:19:06.0950 10248 KtmRm - ok
22:19:06.0995 10248 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
22:19:07.0041 10248 LanmanServer - ok
22:19:07.0076 10248 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
22:19:07.0126 10248 LanmanWorkstation - ok
22:19:07.0170 10248 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
22:19:07.0214 10248 lltdio - ok
22:19:07.0255 10248 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
22:19:07.0303 10248 lltdsvc - ok
22:19:07.0320 10248 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
22:19:07.0346 10248 lmhosts - ok
22:19:07.0451 10248 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
22:19:07.0460 10248 LMS - ok
22:19:07.0499 10248 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
22:19:07.0508 10248 LSI_FC - ok
22:19:07.0547 10248 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
22:19:07.0556 10248 LSI_SAS - ok
22:19:07.0560 10248 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
22:19:07.0568 10248 LSI_SAS2 - ok
22:19:07.0573 10248 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
22:19:07.0582 10248 LSI_SCSI - ok
22:19:07.0599 10248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
22:19:07.0645 10248 luafv - ok
22:19:07.0677 10248 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
22:19:07.0705 10248 Mcx2Svc - ok
22:19:07.0708 10248 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
22:19:07.0716 10248 megasas - ok
22:19:07.0735 10248 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
22:19:07.0746 10248 MegaSR - ok
22:19:07.0797 10248 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
22:19:07.0803 10248 MEIx64 - ok
22:19:07.0893 10248 Microsoft SharePoint Workspace Audit Service - ok
22:19:07.0918 10248 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
22:19:07.0965 10248 MMCSS - ok
22:19:07.0986 10248 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
22:19:08.0035 10248 Modem - ok
22:19:08.0090 10248 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
22:19:08.0121 10248 monitor - ok
22:19:08.0180 10248 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
22:19:08.0188 10248 mouclass - ok
22:19:08.0229 10248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
22:19:08.0255 10248 mouhid - ok
22:19:08.0311 10248 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
22:19:08.0319 10248 mountmgr - ok
22:19:08.0372 10248 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
22:19:08.0383 10248 MpFilter - ok
22:19:08.0419 10248 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
22:19:08.0429 10248 mpio - ok
22:19:08.0444 10248 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
22:19:08.0470 10248 mpsdrv - ok
22:19:08.0510 10248 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
22:19:08.0564 10248 MpsSvc - ok
22:19:08.0588 10248 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
22:19:08.0615 10248 MRxDAV - ok
22:19:08.0646 10248 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
22:19:08.0667 10248 mrxsmb - ok
22:19:08.0675 10248 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:19:08.0686 10248 mrxsmb10 - ok
22:19:08.0691 10248 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:19:08.0700 10248 mrxsmb20 - ok
22:19:08.0710 10248 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
22:19:08.0718 10248 msahci - ok
22:19:08.0731 10248 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
22:19:08.0741 10248 msdsm - ok
22:19:08.0766 10248 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
22:19:08.0794 10248 MSDTC - ok
22:19:08.0924 10248 MsDtsServer100 (7d0ac2859eeaccc5bd038b8cddcaff62) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
22:19:08.0932 10248 MsDtsServer100 - ok
22:19:08.0951 10248 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
22:19:08.0977 10248 Msfs - ok
22:19:08.0992 10248 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
22:19:09.0032 10248 mshidkmdf - ok
22:19:09.0047 10248 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
22:19:09.0055 10248 msisadrv - ok
22:19:09.0114 10248 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
22:19:09.0142 10248 MSiSCSI - ok
22:19:09.0145 10248 msiserver - ok
22:19:09.0189 10248 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
22:19:09.0233 10248 MSKSSRV - ok
22:19:09.0332 10248 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:19:09.0339 10248 MsMpSvc - ok
22:19:09.0353 10248 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
22:19:09.0394 10248 MSPCLOCK - ok
22:19:09.0408 10248 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
22:19:09.0433 10248 MSPQM - ok
22:19:09.0453 10248 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
22:19:09.0466 10248 MsRPC - ok
22:19:09.0506 10248 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
22:19:09.0514 10248 mssmbios - ok
22:19:09.0557 10248 MSSQLSERVER - ok
22:19:09.0629 10248 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
22:19:09.0635 10248 MSSQLServerADHelper100 - ok
22:19:09.0661 10248 MSSQLServerOLAPService - ok
22:19:09.0696 10248 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
22:19:09.0746 10248 MSTEE - ok
22:19:09.0764 10248 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
22:19:09.0785 10248 MTConfig - ok
22:19:09.0809 10248 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
22:19:09.0817 10248 Mup - ok
22:19:09.0903 10248 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
22:19:09.0913 10248 MyWiFiDHCPDNS - ok
22:19:09.0953 10248 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
22:19:10.0004 10248 napagent - ok
22:19:10.0044 10248 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
22:19:10.0078 10248 NativeWifiP - ok
22:19:10.0125 10248 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
22:19:10.0147 10248 NDIS - ok
22:19:10.0192 10248 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
22:19:10.0218 10248 NdisCap - ok
22:19:10.0277 10248 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
22:19:10.0303 10248 NdisTapi - ok
22:19:10.0332 10248 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
22:19:10.0368 10248 Ndisuio - ok
22:19:10.0405 10248 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
22:19:10.0448 10248 NdisWan - ok
22:19:10.0469 10248 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
22:19:10.0495 10248 NDProxy - ok
22:19:10.0525 10248 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
22:19:10.0566 10248 NetBIOS - ok
22:19:10.0587 10248 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
22:19:10.0636 10248 NetBT - ok
22:19:10.0682 10248 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:19:10.0690 10248 Netlogon - ok
22:19:10.0753 10248 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
22:19:10.0800 10248 Netman - ok
22:19:10.0907 10248 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:10.0914 10248 NetMsmqActivator - ok
22:19:10.0937 10248 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:10.0944 10248 NetPipeActivator - ok
22:19:10.0986 10248 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
22:19:11.0034 10248 netprofm - ok
22:19:11.0036 10248 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:11.0043 10248 NetTcpActivator - ok
22:19:11.0045 10248 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:19:11.0052 10248 NetTcpPortSharing - ok
22:19:11.0280 10248 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\windows\system32\DRIVERS\NETwNs64.sys
22:19:11.0459 10248 NETwNs64 - ok
22:19:11.0586 10248 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
22:19:11.0594 10248 nfrd960 - ok
22:19:11.0651 10248 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:19:11.0658 10248 NisDrv - ok
22:19:11.0731 10248 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:19:11.0742 10248 NisSrv - ok
22:19:11.0786 10248 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
22:19:11.0836 10248 NlaSvc - ok
22:19:11.0983 10248 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
22:19:12.0021 10248 NOBU - ok
22:19:12.0115 10248 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
22:19:12.0142 10248 Npfs - ok
22:19:12.0169 10248 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
22:19:12.0215 10248 nsi - ok
22:19:12.0233 10248 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
22:19:12.0259 10248 nsiproxy - ok
22:19:12.0307 10248 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
22:19:12.0340 10248 Ntfs - ok
22:19:12.0440 10248 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
22:19:12.0486 10248 Null - ok
22:19:12.0518 10248 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
22:19:12.0527 10248 nvraid - ok
22:19:12.0554 10248 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
22:19:12.0563 10248 nvstor - ok
22:19:12.0580 10248 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
22:19:12.0589 10248 nv_agp - ok
22:19:12.0593 10248 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
22:19:12.0610 10248 ohci1394 - ok
22:19:12.0692 10248 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:19:12.0699 10248 ose - ok
22:19:12.0860 10248 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:19:12.0925 10248 osppsvc - ok
22:19:13.0045 10248 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:19:13.0089 10248 p2pimsvc - ok
22:19:13.0112 10248 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
22:19:13.0127 10248 p2psvc - ok
22:19:13.0174 10248 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
22:19:13.0183 10248 Parport - ok
22:19:13.0216 10248 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
22:19:13.0225 10248 partmgr - ok
22:19:13.0255 10248 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
22:19:13.0283 10248 PcaSvc - ok
22:19:13.0318 10248 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
22:19:13.0328 10248 pci - ok
22:19:13.0367 10248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
22:19:13.0375 10248 pciide - ok
22:19:13.0384 10248 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
22:19:13.0395 10248 pcmcia - ok
22:19:13.0410 10248 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
22:19:13.0418 10248 pcw - ok
22:19:13.0451 10248 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
22:19:13.0497 10248 PEAUTH - ok
22:19:13.0595 10248 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
22:19:13.0655 10248 PeerDistSvc - ok
22:19:13.0713 10248 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
22:19:13.0736 10248 PerfHost - ok
22:19:13.0837 10248 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
22:19:13.0894 10248 pla - ok
22:19:13.0939 10248 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
22:19:13.0977 10248 PlugPlay - ok
22:19:14.0000 10248 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
22:19:14.0029 10248 PNRPAutoReg - ok
22:19:14.0066 10248 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
22:19:14.0077 10248 PNRPsvc - ok
22:19:14.0124 10248 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
22:19:14.0130 10248 Point64 - ok
22:19:14.0168 10248 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
22:19:14.0213 10248 PolicyAgent - ok
22:19:14.0243 10248 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll
22:19:14.0289 10248 Power - ok
22:19:14.0350 10248 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
22:19:14.0389 10248 PptpMiniport - ok
22:19:14.0405 10248 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
22:19:14.0434 10248 Processor - ok
22:19:14.0482 10248 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
22:19:14.0531 10248 ProfSvc - ok
22:19:14.0553 10248 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:19:14.0561 10248 ProtectedStorage - ok
22:19:14.0601 10248 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
22:19:14.0645 10248 Psched - ok
22:19:14.0714 10248 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
22:19:14.0745 10248 ql2300 - ok
22:19:14.0833 10248 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
22:19:14.0842 10248 ql40xx - ok
22:19:14.0865 10248 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
22:19:14.0882 10248 QWAVE - ok
22:19:14.0895 10248 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
22:19:14.0923 10248 QWAVEdrv - ok
22:19:14.0943 10248 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
22:19:14.0989 10248 RasAcd - ok
22:19:15.0031 10248 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
22:19:15.0058 10248 RasAgileVpn - ok
22:19:15.0083 10248 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
22:19:15.0126 10248 RasAuto - ok
22:19:15.0161 10248 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
22:19:15.0208 10248 Rasl2tp - ok
22:19:15.0235 10248 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
22:19:15.0266 10248 RasMan - ok
22:19:15.0281 10248 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
22:19:15.0328 10248 RasPppoe - ok
22:19:15.0369 10248 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
22:19:15.0410 10248 RasSstp - ok
22:19:15.0431 10248 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
22:19:15.0474 10248 rdbss - ok
22:19:15.0488 10248 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
22:19:15.0515 10248 rdpbus - ok
22:19:15.0531 10248 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
22:19:15.0574 10248 RDPCDD - ok
22:19:15.0621 10248 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys
22:19:15.0647 10248 RDPDR - ok
22:19:15.0687 10248 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
22:19:15.0729 10248 RDPENCDD - ok
22:19:15.0754 10248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
22:19:15.0780 10248 RDPREFMP - ok
22:19:15.0841 10248 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\windows\system32\drivers\rdpvideominiport.sys
22:19:15.0885 10248 RdpVideoMiniport - ok
22:19:15.0917 10248 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
22:19:15.0961 10248 RDPWD - ok
22:19:16.0000 10248 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
22:19:16.0010 10248 rdyboost - ok
22:19:16.0130 10248 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:19:16.0146 10248 RegSrvc - ok
22:19:16.0175 10248 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
22:19:16.0217 10248 RemoteAccess - ok
22:19:16.0256 10248 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
22:19:16.0285 10248 RemoteRegistry - ok
22:19:16.0425 10248 ReportServer (499556b74a1022906de888fab0389bfa) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
22:19:16.0457 10248 ReportServer - ok
22:19:16.0577 10248 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
22:19:16.0601 10248 RFCOMM - ok
22:19:16.0629 10248 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
22:19:16.0668 10248 RpcEptMapper - ok
22:19:16.0698 10248 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
22:19:16.0708 10248 RpcLocator - ok
22:19:16.0727 10248 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:19:16.0756 10248 RpcSs - ok
22:19:16.0818 10248 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\windows\system32\DRIVERS\RsFx0150.sys
22:19:16.0829 10248 RsFx0150 - ok
22:19:16.0876 10248 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
22:19:16.0903 10248 rspndr - ok
22:19:16.0969 10248 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
22:19:16.0980 10248 RSUSBSTOR - ok
22:19:28.0668 10248 ============================================================
22:19:28.0668 10248 Scan finished
22:19:28.0668 10248 ============================================================
22:19:28.0675 14112 Detected object count: 4
22:19:28.0675 14112 Actual detected object count: 4
22:20:13.0037 14112 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0037 14112 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:13.0037 14112 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0038 14112 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:13.0038 14112 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0038 14112 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:20:13.0039 14112 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
22:20:13.0039 14112 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
___________________________________________________
The GMER log was empty as it said that it did not find any system changes.
-
Hi,
I've already downloaded Malwarebytes Anti-Malware and although it detects the trojan and prompts me to restart, the trojan keeps recurring in groups of 3 instances. I have already uninstalled uTorrent and posted the log of the quick scan below:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.18.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
alex :: HOMESERVER [limited]
6/17/2012 11:13:42 PM
mbam-log-2012-06-17 (23-13-42).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182014
Time elapsed: 2 minute(s), 53 second(s)
Memory Processes Detected: 1
C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> 11388 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows® Operating System (Backdoor.Messa) -> Data: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\alex\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.
Files Detected: 9
C:\$Recycle.Bin\S-1-5-21-3863715708-3900006494-3946961991-1009\$RNN7OX8.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.
C:\Users\yuantaoli\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-11-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-12-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-13-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-14-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-15-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\dclogs\2012-06-16-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> Delete on reboot.
(end)
Thanks in advance!
Help me remove recurring Backdoor:Win32/Fynloski.A /Backdoor.Messa
in Resolved Malware Removal Logs
Posted
Well, I did move all my stuff to an alternate user just in case and I deleted my old one. Now I did the scan from Malwarebytes. Nothing came up though. Here's the log:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.18.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Test :: HOMESERVER [limited]
6/26/2012 6:21:07 PM
mbam-log-2012-06-26 (18-21-07).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 360222
Time elapsed: 51 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Should I still continue to the next step? It was a full scan too.