suchek

Honorary Members
  • Posts

    30

Everything posted by suchek

  1. Thank you, Maniac. I've done the following: 1. Run the TDSS Killer. It found 2 suspicious objects, which I skipped, but no malicious objects. 2. Run the OTL Custom Fix that you provided, then rebooted. 3. Run a MBAM Quick Scan. No malicious items were detected, and I wasn't prompted to reboot. The logs for all three processes are below.
(8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 16:29:40.0754 4044 RasAuto - ok 16:29:40.0769 4044 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:29:40.0801 4044 Rasl2tp - ok 16:29:40.0832 4044 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 16:29:40.0863 4044 RasMan - ok 16:29:40.0894 4044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:29:40.0925 4044 RasPppoe - ok 16:29:40.0957 4044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:29:40.0988 4044 RasSstp - ok 16:29:41.0003 4044 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 16:29:41.0050 4044 rdbss - ok 16:29:41.0066 4044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:29:41.0081 4044 rdpbus - ok 16:29:41.0097 4044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:29:41.0128 4044 RDPCDD - ok 16:29:41.0159 4044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:29:41.0237 4044 RDPENCDD - ok 16:29:41.0269 4044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:29:41.0300 4044 RDPREFMP - ok 16:29:41.0315 4044 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 16:29:41.0347 4044 RDPWD - ok 16:29:41.0362 4044 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 16:29:41.0378 4044 rdyboost - ok 16:29:41.0409 4044 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 16:29:41.0440 4044 RemoteAccess - ok 16:29:41.0471 4044 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 16:29:41.0503 4044 RemoteRegistry - ok 16:29:41.0549 4044 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 16:29:41.0581 4044 RFCOMM - ok 16:29:41.0612 4044 RpcEptMapper 
(e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 16:29:41.0659 4044 RpcEptMapper - ok 16:29:41.0674 4044 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 16:29:41.0690 4044 RpcLocator - ok 16:29:41.0705 4044 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 16:29:41.0752 4044 RpcSs - ok 16:29:41.0783 4044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:29:41.0815 4044 rspndr - ok 16:29:41.0861 4044 RSUSBSTOR (30f463768d5143bfd7b2df822b53cf4d) C:\Windows\system32\Drivers\RtsUStor.sys 16:29:41.0877 4044 RSUSBSTOR - ok 16:29:41.0924 4044 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\Windows\system32\DRIVERS\Rt64win7.sys 16:29:41.0939 4044 RTL8167 - ok 16:29:41.0986 4044 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 16:29:42.0002 4044 SamSs - ok 16:29:42.0017 4044 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 16:29:42.0033 4044 sbp2port - ok 16:29:42.0064 4044 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 16:29:42.0111 4044 SCardSvr - ok 16:29:42.0127 4044 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 16:29:42.0158 4044 scfilter - ok 16:29:42.0205 4044 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 16:29:42.0251 4044 Schedule - ok 16:29:42.0283 4044 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 16:29:42.0314 4044 SCPolicySvc - ok 16:29:42.0345 4044 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 16:29:42.0361 4044 SDRSVC - ok 16:29:42.0454 4044 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 16:29:42.0470 4044 SeaPort - ok 16:29:42.0548 4044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:29:42.0595 4044 secdrv - ok 16:29:42.0626 4044 
seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 16:29:42.0657 4044 seclogon - ok 16:29:42.0688 4044 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 16:29:42.0719 4044 SENS - ok 16:29:42.0735 4044 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 16:29:42.0766 4044 SensrSvc - ok 16:29:42.0797 4044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:29:42.0797 4044 Serenum - ok 16:29:42.0829 4044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:29:42.0844 4044 Serial - ok 16:29:42.0875 4044 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:29:42.0875 4044 sermouse - ok 16:29:42.0922 4044 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 16:29:42.0953 4044 SessionEnv - ok 16:29:42.0985 4044 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 16:29:43.0000 4044 sffdisk - ok 16:29:43.0031 4044 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 16:29:43.0047 4044 sffp_mmc - ok 16:29:43.0063 4044 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 16:29:43.0078 4044 sffp_sd - ok 16:29:43.0094 4044 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:29:43.0109 4044 sfloppy - ok 16:29:43.0187 4044 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE 16:29:43.0219 4044 SftService - ok 16:29:43.0265 4044 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 16:29:43.0281 4044 ShellHWDetection - ok 16:29:43.0312 4044 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:29:43.0328 4044 SiSRaid2 - ok 16:29:43.0343 4044 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:29:43.0359 4044 
SiSRaid4 - ok 16:29:43.0375 4044 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:29:43.0421 4044 Smb - ok 16:29:43.0453 4044 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 16:29:43.0468 4044 SNMPTRAP - ok 16:29:43.0499 4044 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:29:43.0499 4044 spldr - ok 16:29:43.0546 4044 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 16:29:43.0577 4044 Spooler - ok 16:29:43.0687 4044 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 16:29:43.0780 4044 sppsvc - ok 16:29:43.0889 4044 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 16:29:43.0936 4044 sppuinotify - ok 16:29:44.0045 4044 sprtsvc_DellSupportCenter (d630b6f2e8379b6f10dc16e82a426552) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe 16:29:44.0061 4044 sprtsvc_DellSupportCenter - ok 16:29:44.0123 4044 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 16:29:44.0155 4044 srv - ok 16:29:44.0170 4044 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 16:29:44.0201 4044 srv2 - ok 16:29:44.0233 4044 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 16:29:44.0248 4044 srvnet - ok 16:29:44.0279 4044 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 16:29:44.0326 4044 SSDPSRV - ok 16:29:44.0342 4044 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 16:29:44.0373 4044 SstpSvc - ok 16:29:44.0467 4044 STacSV (463e33b1ea7af1e6eb87b66b831db41a) C:\Program Files\IDT\WDM\STacSV64.exe 16:29:44.0482 4044 STacSV - ok 16:29:44.0513 4044 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:29:44.0529 4044 stexstor - ok 16:29:44.0591 4044 STHDA (4304b75094e106fb5423a290c95841e5) C:\Windows\system32\DRIVERS\stwrt64.sys 16:29:44.0607 4044 STHDA - ok 
16:29:44.0654 4044 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 16:29:44.0701 4044 stisvc - ok 16:29:44.0716 4044 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 16:29:44.0732 4044 swenum - ok 16:29:44.0794 4044 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 16:29:44.0841 4044 swprv - ok 16:29:44.0888 4044 SynTP (8a3fbcb3d6d4710730d27da4392a4863) C:\Windows\system32\DRIVERS\SynTP.sys 16:29:44.0903 4044 SynTP - ok 16:29:44.0981 4044 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 16:29:45.0028 4044 SysMain - ok 16:29:45.0122 4044 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 16:29:45.0137 4044 TabletInputService - ok 16:29:45.0169 4044 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 16:29:45.0215 4044 TapiSrv - ok 16:29:45.0231 4044 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 16:29:45.0262 4044 TBS - ok 16:29:45.0371 4044 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 16:29:45.0434 4044 Tcpip - ok 16:29:45.0605 4044 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 16:29:45.0637 4044 TCPIP6 - ok 16:29:45.0683 4044 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 16:29:45.0730 4044 tcpipreg - ok 16:29:45.0746 4044 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:29:45.0761 4044 TDPIPE - ok 16:29:45.0793 4044 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 16:29:45.0808 4044 TDTCP - ok 16:29:45.0824 4044 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 16:29:45.0871 4044 tdx - ok 16:29:45.0902 4044 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 16:29:45.0917 4044 TermDD - ok 16:29:45.0964 4044 TermService (0f05ec2887bfe197ad82a13287d2f404) 
C:\Windows\System32\termsrv.dll 16:29:46.0027 4044 TermService - ok 16:29:46.0042 4044 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 16:29:46.0058 4044 Themes - ok 16:29:46.0089 4044 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 16:29:46.0120 4044 THREADORDER - ok 16:29:46.0151 4044 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 16:29:46.0183 4044 TrkWks - ok 16:29:46.0245 4044 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 16:29:46.0261 4044 TrustedInstaller - ok 16:29:46.0292 4044 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:29:46.0323 4044 tssecsrv - ok 16:29:46.0354 4044 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 16:29:46.0417 4044 tunnel - ok 16:29:46.0448 4044 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys 16:29:46.0448 4044 TurboB - ok 16:29:46.0510 4044 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 16:29:46.0526 4044 TurboBoost - ok 16:29:46.0541 4044 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:29:46.0557 4044 uagp35 - ok 16:29:46.0588 4044 udfs (31ba4a33afab6a69ea092b18017f737f) C:\Windows\system32\DRIVERS\udfs.sys 16:29:46.0604 4044 udfs - ok 16:29:46.0651 4044 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 16:29:46.0666 4044 UI0Detect - ok 16:29:46.0682 4044 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 16:29:46.0697 4044 uliagpkx - ok 16:29:46.0713 4044 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 16:29:46.0729 4044 umbus - ok 16:29:46.0744 4044 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:29:46.0744 4044 UmPass - ok 16:29:46.0931 4044 UNS (cc3775100aba633984f73dfae1f55cae) 
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 16:29:46.0978 4044 UNS - ok 16:29:47.0072 4044 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 16:29:47.0119 4044 upnphost - ok 16:29:47.0165 4044 usbccgp (945bfba692c0f3cdf5a9d824972188f6) C:\Windows\system32\DRIVERS\usbccgp.sys 16:29:47.0197 4044 usbccgp - ok 16:29:47.0228 4044 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 16:29:47.0243 4044 usbcir - ok 16:29:47.0275 4044 usbehci (b6942800840c9466223aefd4d9a74fbf) C:\Windows\system32\DRIVERS\usbehci.sys 16:29:47.0290 4044 usbehci - ok 16:29:47.0321 4044 usbhub (85bc7b6ee233b4e979e024a3cd15cd49) C:\Windows\system32\DRIVERS\usbhub.sys 16:29:47.0337 4044 usbhub - ok 16:29:47.0353 4044 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 16:29:47.0384 4044 usbohci - ok 16:29:47.0399 4044 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:29:47.0431 4044 usbprint - ok 16:29:47.0462 4044 USBSTOR (a60e7e0fa88ff067d049d525547cd5e9) C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:29:47.0477 4044 USBSTOR - ok 16:29:47.0477 4044 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 16:29:47.0493 4044 usbuhci - ok 16:29:47.0540 4044 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 16:29:47.0587 4044 usbvideo - ok 16:29:47.0618 4044 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 16:29:47.0665 4044 UxSms - ok 16:29:47.0696 4044 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 16:29:47.0696 4044 VaultSvc - ok 16:29:47.0727 4044 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 16:29:47.0727 4044 vdrvroot - ok 16:29:47.0758 4044 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 16:29:47.0774 4044 vds - ok 16:29:47.0805 4044 vga (da4da3f5e02943c2dc8c6ed875de68dd) 
C:\Windows\system32\DRIVERS\vgapnp.sys 16:29:47.0821 4044 vga - ok 16:29:47.0836 4044 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:29:47.0867 4044 VgaSave - ok 16:29:47.0883 4044 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 16:29:47.0899 4044 vhdmp - ok 16:29:47.0914 4044 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 16:29:47.0930 4044 viaide - ok 16:29:47.0945 4044 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 16:29:47.0945 4044 volmgr - ok 16:29:47.0977 4044 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 16:29:47.0992 4044 volmgrx - ok 16:29:48.0023 4044 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 16:29:48.0039 4044 volsnap - ok 16:29:48.0070 4044 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:29:48.0070 4044 vsmraid - ok 16:29:48.0148 4044 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 16:29:48.0195 4044 VSS - ok 16:29:48.0304 4044 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:29:48.0320 4044 vwifibus - ok 16:29:48.0351 4044 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:29:48.0367 4044 vwififlt - ok 16:29:48.0413 4044 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 16:29:48.0445 4044 W32Time - ok 16:29:48.0460 4044 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:29:48.0476 4044 WacomPen - ok 16:29:48.0507 4044 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:29:48.0538 4044 WANARP - ok 16:29:48.0538 4044 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 16:29:48.0569 4044 Wanarpv6 - ok 16:29:48.0632 4044 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) 
C:\Windows\system32\wbengine.exe 16:29:48.0679 4044 wbengine - ok 16:29:48.0772 4044 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 16:29:48.0788 4044 WbioSrvc - ok 16:29:48.0803 4044 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll 16:29:48.0819 4044 wcncsvc - ok 16:29:48.0835 4044 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 16:29:48.0881 4044 WcsPlugInService - ok 16:29:48.0928 4044 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:29:48.0944 4044 Wd - ok 16:29:48.0975 4044 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:29:49.0006 4044 Wdf01000 - ok 16:29:49.0037 4044 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:29:49.0053 4044 WdiServiceHost - ok 16:29:49.0053 4044 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 16:29:49.0069 4044 WdiSystemHost - ok 16:29:49.0100 4044 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll 16:29:49.0115 4044 WebClient - ok 16:29:49.0131 4044 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 16:29:49.0178 4044 Wecsvc - ok 16:29:49.0178 4044 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 16:29:49.0209 4044 wercplsupport - ok 16:29:49.0271 4044 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 16:29:49.0318 4044 WerSvc - ok 16:29:49.0365 4044 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:29:49.0412 4044 WfpLwf - ok 16:29:49.0443 4044 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 16:29:49.0459 4044 WimFltr - ok 16:29:49.0459 4044 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:29:49.0474 4044 WIMMount - ok 16:29:49.0474 4044 WinHttpAutoProxySvc - ok 16:29:49.0537 4044 Winmgmt 
(19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 16:29:49.0599 4044 Winmgmt - ok 16:29:49.0661 4044 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 16:29:49.0724 4044 WinRM - ok 16:29:49.0864 4044 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 16:29:49.0895 4044 Wlansvc - ok 16:29:49.0973 4044 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE 16:29:49.0989 4044 wltrysvc ( UnsignedFile.Multi.Generic ) - warning 16:29:49.0989 4044 wltrysvc - detected UnsignedFile.Multi.Generic (1) 16:29:50.0051 4044 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 16:29:50.0067 4044 WmiAcpi - ok 16:29:50.0129 4044 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 16:29:50.0161 4044 wmiApSrv - ok 16:29:50.0207 4044 WMPNetworkSvc - ok 16:29:50.0254 4044 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 16:29:50.0285 4044 WPCSvc - ok 16:29:50.0301 4044 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 16:29:50.0317 4044 WPDBusEnum - ok 16:29:50.0348 4044 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:29:50.0379 4044 ws2ifsl - ok 16:29:50.0410 4044 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 16:29:50.0441 4044 wscsvc - ok 16:29:50.0441 4044 WSearch - ok 16:29:50.0535 4044 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll 16:29:50.0613 4044 wuauserv - ok 16:29:50.0707 4044 WudfPf (c63907207b837a5c05cf6d1606aa0008) C:\Windows\system32\drivers\WudfPf.sys 16:29:50.0738 4044 WudfPf - ok 16:29:50.0769 4044 WUDFRd (d885a873d733020f8b9b9ff4b1666158) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:29:50.0785 4044 WUDFRd - ok 16:29:50.0800 4044 wudfsvc (27b9bee5aac00139e3a3af5d6227a0dc) C:\Windows\System32\WUDFSvc.dll 16:29:50.0816 4044 wudfsvc - ok 16:29:50.0847 4044 WwanSvc 
(9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 16:29:50.0863 4044 WwanSvc - ok 16:29:50.0894 4044 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 16:29:50.0909 4044 yukonw7 - ok 16:29:50.0941 4044 MBR (0x1B8) (c3220eb08add62e3ed9f72a1f4e4b1bb) \Device\Harddisk0\DR0 16:29:51.0221 4044 \Device\Harddisk0\DR0 - ok 16:29:51.0237 4044 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR5 16:29:51.0736 4044 \Device\Harddisk1\DR5 - ok 16:29:51.0736 4044 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0 16:29:51.0752 4044 \Device\Harddisk0\DR0\Partition0 - ok 16:29:51.0767 4044 Boot (0x1200) (723ffebde086355ce5f5c8e20d4fdb4a) \Device\Harddisk0\DR0\Partition1 16:29:51.0767 4044 \Device\Harddisk0\DR0\Partition1 - ok 16:29:51.0783 4044 Boot (0x1200) (abc797e2965be197cd01f47e78623aec) \Device\Harddisk1\DR5\Partition0 16:29:51.0783 4044 \Device\Harddisk1\DR5\Partition0 - ok 16:29:51.0783 4044 ============================================================ 16:29:51.0783 4044 Scan finished 16:29:51.0783 4044 ============================================================ 16:29:51.0799 2928 Detected object count: 2 16:29:51.0799 2928 Actual detected object count: 2 16:30:25.0853 2928 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user 16:30:25.0853 2928 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:30:25.0853 2928 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user 16:30:25.0853 2928 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found. 
Registry value HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
Registry key HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\v\AppData\Local\Conduit folder moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.
C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.
C:\Users\v\AppData\Roaming\Azureus\torrents folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\tmp\AZU847548663690459923.tmp folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\tmp folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\subs folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\shares folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\rss folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\plugins folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\net folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\logs folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\dht folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\devices folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus\active folder moved successfully.
C:\Users\v\AppData\Roaming\Azureus folder moved successfully.
========== FILES ==========
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} scheduled to be moved on reboot.
C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.
C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.
C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\v\Desktop\cmd.bat deleted successfully.
C:\Users\v\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: v
->Temp folder emptied: 596479825 bytes
->Temporary Internet Files folder emptied: 60448439 bytes
->Java cache emptied: 326347 bytes
->FireFox cache emptied: 508975819 bytes
->Google Chrome cache emptied: 13810545 bytes
->Flash cache emptied: 7458 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18542660 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 170329912 bytes

Total Files Cleaned = 1,306.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.50.0 log created on 06192012_171202

Files\Folders moved on Reboot...
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.
C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.
C:\Users\v\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.19.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
v :: V-PC [administrator]

6/19/2012 5:26:54 PM
mbam-log-2012-06-19 (17-26-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203747
Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  2. Hello, Maniac. Thank you so much for your quick reply. I've been reading through all the help you've been able to provide other users with this same BCMiner problem. Many thank yous for donating your time and expertise to help people like me who can't do this on our own. 1. I've uninstalled Vuze. I didn't reboot after uninstall; let me know if I need to. 2. OTL text logs are pasted below.

-------------------------------------------------------
OTL logfile created on: 6/19/2012 3:49:20 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\v\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 78.61% Memory free
11.73 Gb Paging File | 10.18 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 468.85 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.52 Gb Free Space | 94.42% Space Free | Partition Type: FAT32

Computer Name: V-PC | User Name: v | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 15:37:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/19 02:09:14 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/06/19 02:09:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/06/15 21:19:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll
MOD - [2012/05/20 13:33:16 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/05/20 13:33:15 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll
MOD - [2012/05/20 12:01:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/20 12:00:55 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/05/20 12:00:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/05/20 12:00:45 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/20 12:00:45 | 000,971,264 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/20 12:00:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2010/08/11 17:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll MOD - [2010/08/11 17:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll MOD - [2010/08/11 17:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll MOD - [2010/08/11 17:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll MOD - [2010/08/11 17:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll MOD - [2010/08/11 17:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll MOD - [2010/08/11 17:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll MOD - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe 
Online\BalloonWindow.dll MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV) SRV:64bit: - [2010/06/01 23:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/02/02 21:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters) SRV - [2012/05/05 00:20:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/03/31 14:53:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/12/29 18:35:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel® SRV - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel® SRV - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel® SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/31 15:01:36 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA) DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/06/01 22:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/05/12 01:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010/05/12 01:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/03/30 12:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010/03/30 12:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010/03/30 12:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010/03/30 12:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010/03/17 14:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/17 14:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/03/17 14:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010/02/02 21:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY) DRV:64bit: - [2010/02/02 21:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL) DRV:64bit: - [2010/02/02 21:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel® DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt) DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/ IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\v\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\v\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 00:20:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/24 19:15:50 | 000,000,000 | ---D | M] [2011/05/01 21:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v\AppData\Roaming\Mozilla\Extensions [2012/05/28 19:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\extensions [2012/05/05 00:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/05/05 00:20:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/12/08 10:11:04 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll [2012/04/20 19:51:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012/04/20 19:36:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/20 19:36:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\v\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\v\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\v\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll CHR - plugin: Microsoft Office 2003 
(Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\v\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe () O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2731273616-2889505413-518904877-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell) O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Send image to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..Trusted Domains: alohaenterprise.com ([nextstudent] http in Trusted sites)
O15 - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..Trusted Domains: nextstudent.com ([exchange] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77690690-0FDD-488C-A672-5196682B4345}: DhcpNameServer = 10.10.1.77 10.10.1.83
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2012/06/19 15:48:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
[2012/06/19 13:15:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\v\Desktop\dds.scr
[2012/06/19 04:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky
[2012/06/19 02:42:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/15 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Macromedia
[2012/05/28 19:01:45 | 000,000,000 | ---D | C] -- C:\Users\v\.swt
[2012/05/28 19:01:08 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\CRE
[2012/05/28 19:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/05/28 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Conduit

========== Files - Modified Within 30 Days ==========
[2012/06/19 15:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/19 15:37:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe
[2012/06/19 15:13:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000UA.job
[2012/06/19 13:16:15 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/19 13:16:15 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/19 13:16:15 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/19 13:01:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\v\Desktop\dds.scr
[2012/06/19 12:57:43 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000Core.job
[2012/06/19 10:22:01 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 10:22:01 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/19 09:37:49 | 428,879,871 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/19 08:54:59 | 000,001,058 | ---- | M] () -- C:\Windows\DCEBOOT.RST
[2012/06/19 08:53:55 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
[2012/06/19 08:53:41 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe
[2012/06/19 08:28:48 | 006,134,495 | ---- | M] () -- C:\Users\v\AppData\Local\census.cache
[2012/06/19 08:24:39 | 000,097,048 | ---- | M] () -- C:\Users\v\AppData\Local\ars.cache
[2012/06/18 21:47:45 | 000,197,252 | ---- | M] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2147.jpg
[2012/06/18 20:36:26 | 000,183,977 | ---- | M] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2036.jpg
[2012/06/13 09:08:24 | 000,000,407 | ---- | M] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-13_-_bad_emails_fixed_results0.csv
[2012/06/13 09:03:56 | 000,002,745 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13 - bad emails fixed.csv
[2012/06/13 08:42:55 | 000,214,329 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13_results.csv
[2012/06/12 23:30:51 | 000,032,562 | ---- | M] () -- C:\Users\v\Documents\Af231b163-4fda-4423-9f71-efd89fa1f46c.pdf
[2012/06/09 15:09:52 | 000,009,501 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 35 - dupe updates.csv
[2012/06/09 02:01:44 | 000,048,306 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_35_06092012.csv
[2012/06/09 01:39:14 | 000,007,004 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 34 - dupe updates.csv
[2012/06/09 00:48:43 | 000,050,811 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_34_06092012.csv
[2012/06/09 00:37:55 | 000,005,107 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 33 - dupe updates.csv
[2012/06/08 21:49:14 | 000,051,170 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_33_06082012.csv
[2012/06/08 21:34:45 | 000,000,164 | ---- | M] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-05_Group_32_-_dupe_updates_results0.csv
[2012/06/08 21:30:57 | 000,003,453 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 32 - dupe updates.csv
[2012/06/08 20:46:52 | 000,051,919 | ---- | M] () -- C:\Users\v\Documents\export_2102-06-05_Import_-_Group_32_06082012.csv
[2012/06/08 13:01:01 | 000,870,540 | ---- | M] () -- C:\Users\v\Documents\ET Export Results - thru 2012-06-08.zip
[2012/06/08 12:51:54 | 000,003,708 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 29 - dupe updates.csv
[2012/06/08 12:24:42 | 000,038,987 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_29_06082012.csv
[2012/06/06 11:01:19 | 000,060,336 | ---- | M] () -- C:\Users\v\g2mdlhlpx.exe
[2012/06/05 10:31:19 | 000,001,577 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05 - bad emails fixed.csv
[2012/06/05 10:08:28 | 000,063,605 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_results.csv
[2012/06/03 22:58:11 | 000,009,222 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-05-31_results.csv
[2012/05/26 16:41:54 | 000,737,319 | ---- | M] () -- C:\Users\v\Documents\found beagle - Speedway Kolb - 2012-05-26.jpg
[2012/05/21 11:52:17 | 000,363,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========
[2012/06/19 10:19:01 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@
[2012/06/19 08:55:28 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@
[2012/06/19 08:55:28 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@
[2012/06/19 08:55:27 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
[2012/06/19 08:55:27 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@
[2012/06/19 08:54:59 | 000,001,058 | ---- | C] () -- C:\Windows\DCEBOOT.RST
[2012/06/19 08:53:34 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe
[2012/06/19 08:53:32 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012/06/19 02:31:32 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
[2012/06/19 02:30:56 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
[2012/06/18 21:47:45 | 000,197,252 | ---- | C] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2147.jpg
[2012/06/18 20:36:26 | 000,183,977 | ---- | C] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2036.jpg
[2012/06/13 09:08:26 | 000,000,407 | ---- | C] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-13_-_bad_emails_fixed_results0.csv
[2012/06/13 09:03:47 | 000,002,745 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13 - bad emails fixed.csv
[2012/06/13 08:42:54 | 000,214,329 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13_results.csv
[2012/06/12 23:30:51 | 000,032,562 | ---- | C] () -- C:\Users\v\Documents\Af231b163-4fda-4423-9f71-efd89fa1f46c.pdf
[2012/06/09 14:35:05 | 000,009,501 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 35 - dupe updates.csv
[2012/06/09 02:01:43 | 000,048,306 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_35_06092012.csv
[2012/06/09 00:48:43 | 000,050,811 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_34_06092012.csv
[2012/06/09 00:48:28 | 000,007,004 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 34 - dupe updates.csv
[2012/06/08 21:58:34 | 000,005,107 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 33 - dupe updates.csv
[2012/06/08 21:49:14 | 000,051,170 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_33_06082012.csv
[2012/06/08 21:34:47 | 000,000,164 | ---- | C] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-05_Group_32_-_dupe_updates_results0.csv
[2012/06/08 20:46:52 | 000,051,919 | ---- | C] () -- C:\Users\v\Documents\export_2102-06-05_Import_-_Group_32_06082012.csv
[2012/06/08 20:35:41 | 000,003,453 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 32 - dupe updates.csv
[2012/06/08 13:01:00 | 000,870,540 | ---- | C] () -- C:\Users\v\Documents\ET Export Results - thru 2012-06-08.zip
[2012/06/08 12:24:42 | 000,038,987 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_29_06082012.csv
[2012/06/08 12:15:58 | 000,003,708 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 29 - dupe updates.csv
[2012/06/05 10:31:13 | 000,001,577 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05 - bad emails fixed.csv
[2012/06/05 10:08:28 | 000,063,605 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_results.csv
[2012/06/03 22:58:34 | 000,009,222 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-05-31_results.csv
[2012/05/26 16:41:54 | 000,737,319 | ---- | C] () -- C:\Users\v\Documents\found beagle - Speedway Kolb - 2012-05-26.jpg
[2012/02/27 22:59:32 | 000,157,184 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/01/23 20:48:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2012/01/23 20:48:15 | 000,002,048 | -HS- | C] () -- C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
[2011/11/10 21:12:06 | 006,134,495 | ---- | C] () -- C:\Users\v\AppData\Local\census.cache
[2011/11/10 21:08:46 | 000,097,048 | ---- | C] () -- C:\Users\v\AppData\Local\ars.cache
[2011/05/13 20:12:42 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat
[2011/05/08 15:25:43 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2011/05/08 15:25:43 | 000,017,857 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat
[2011/05/07 13:09:43 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/07 11:50:07 | 000,000,036 | ---- | C] () -- C:\Users\v\AppData\Local\housecall.guid.cache
[2011/05/01 21:01:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/22 12:56:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/12/29 19:21:44 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/12/29 19:18:46 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/12/29 19:18:46 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/12/29 19:18:46 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
[2010/12/29 19:18:46 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
[2010/12/29 19:18:46 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
[2010/12/29 19:18:46 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/12/29 19:18:46 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
[2010/12/29 18:42:01 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/12/29 17:33:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========
[2011/05/14 13:46:01 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\Across Lite 2.0
[2012/05/28 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\Azureus
[2012/03/31 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\DAEMON Tools Lite
[2011/05/08 18:35:46 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\PDF Writer
[2011/12/08 10:11:19 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\webex
[2011/05/13 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\WildTangent
[2012/06/12 20:17:15 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/19/2012 3:49:20 PM - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\v\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 78.61% Memory free
11.73 Gb Paging File | 10.18 Gb Available in Paging File | 86.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.42 Gb Total Space | 468.85 Gb Free Space | 80.64% Space Free | Partition Type: NTFS
Drive E: | 3.73 Gb Total Space | 3.52 Gb Free Space | 94.42% Space Free | Partition Type: FAT32

Computer Name: V-PC | User Name: v | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304
"DW WLAN Card Utility" = DW WLAN Card Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese
"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding
"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy
"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{975EA987-5D79-4A1C-AD71-D27B28347B48}" = Across Lite
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean
"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English
"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"GoToAssist" = GoToAssist 8.0.0.514
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 1.1.11
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 5.3.0.970

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2012 4:18:13 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Error - 4/10/2012 4:18:30 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax.
Error - 4/12/2012 12:42:23 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 4/12/2012 12:42:23 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 4/14/2012 1:46:09 AM | Computer Name = v-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 4/14/2012 1:46:25 AM | Computer Name = v-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.
Error - 4/14/2012 1:46:41 AM | Computer Name = v-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax.
Error - 4/17/2012 3:35:05 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 4/17/2012 3:35:25 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842787 Description = Activation context generation failed for "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. Error - 4/17/2012 3:35:44 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842811 Description = Activation context generation failed for "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file "c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll" on line 2. Invalid Xml syntax. Error - 4/18/2012 5:02:48 AM | Computer Name = v-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_EventSystem, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp: 0x4a5be035 Exception code: 0xc0000005 Fault offset: 0x00000000000388cb Faulting process id: 0x14c Faulting application start time: 0x01cd1d2fa807ad65 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\RPCRT4.dll Report Id: 447d7a50-8935-11e1-89de-eafc7b289c79 [ Dell Events ] Error - 6/14/2011 12:45:44 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/2/2011 12:41:01 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. 
Error - 7/2/2011 12:41:01 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/2/2011 2:38:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/2/2011 2:38:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/2/2011 3:25:24 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/2/2011 3:25:24 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/3/2011 3:08:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 7/3/2011 3:08:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. Error - 9/1/2011 6:21:13 PM | Computer Name = v-PC | Source = DataSafe | ID = 17 Description = The process was interrupted before completion. [ System Events ] Error - 6/19/2012 11:55:08 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
Error - 6/19/2012 11:55:09 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7000 Description = The Security Center service failed to start due to the following error: %%1079 Error - 6/19/2012 11:56:38 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 Error - 6/19/2012 11:56:38 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 6/19/2012 12:37:58 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 6/19/2012 12:37:58 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 6/19/2012 12:38:00 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
Error - 6/19/2012 12:38:01 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7000 Description = The Security Center service failed to start due to the following error: %%1079 Error - 6/19/2012 12:40:10 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7023 Description = The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 Error - 6/19/2012 12:40:10 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7001 Description = The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 < End of report >
  3. Hello. I've seen other people post with this same problem, but the solution has varied by user. I've picked up Trojan.Dropper.BCMiner from an infected site. When I went to the site, it automatically began downloading a PDF (I didn't click on anything). I tried to cancel the download, but the download showed completed in my Firefox Downloads window. Because of the unprompted download, I ran MBAM, and it found the BCMiner trojan. MBAM finds it, quarantines it successfully, and prompts a reboot, but the trojan is still there on every restart -- MBAM finds it again. After unsuccessful removal attempts w. MBAM, I ran Trend Micro's HouseCall, which also found the Trojan and also prompted a reboot to finish "fixing" the infection. But after reboot, the Trojan is still there and detectable by both HC and MBAM. It's causing system slowdown, redirecting links in search results to spam/advertising sites, and opening new browser windows to spam/ad sites when I first launch my browsers. Please help. I'm over my head here and don't run anything like Combofix or Farfar without instructions. The DDS.txt and Attach.txt logs are below. I can also post my MBAM logs if needed. Any help is very much appreciated. ------------------------------------------------------- . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31 Run by v at 13:37:15 on 2012-06-19 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4816 [GMT -7:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Dell\DellDock\DockLogin.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Roxio\Roxio 
Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\WUDFHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . 
uStart Page = hxxp://www.nytimes.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll uRun: [Google Update] "C:\Users\v\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell 
DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL LSP: mswsock.dll Trusted Zone: alohaenterprise.com\nextstudent Trusted Zone: nextstudent.com\exchange DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 10.10.1.77 10.10.1.83 TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\140707C65602E4564777F627B602564693632693 : DhcpNameServer = 10.0.1.1 TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\14E64627F696461405 : DhcpNameServer = 192.168.43.1 TCP: Interfaces\{77690690-0FDD-488C-A672-5196682B4345} : DhcpNameServer = 10.10.1.77 10.10.1.83 Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll BHO-X64: Search Helper - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" 
-atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/ FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\v\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] 
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-29 89600] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-29 13336] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-29 689472] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-29 2320920] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] 
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 129976] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-06-19 15:53:34 21520 ----a-w- C:\Windows\DCEBoot64.exe 2012-06-19 15:53:32 129024 ----a-w- C:\Windows\RegBootClean64.exe 2012-06-19 11:12:28 -------- d-----w- C:\Program Files (x86)\Kaspersky 2012-06-19 09:42:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-06-16 04:18:10 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04148417-5380-469B-A127-3C937C84097A}\mpengine.dll 2012-06-16 04:13:09 -------- d-----w- C:\Users\v\AppData\Local\Macromedia 2012-05-29 02:01:45 -------- d-----w- C:\Users\v\.swt 2012-05-29 02:01:08 -------- d-----w- C:\Users\v\AppData\Local\CRE 2012-05-29 02:00:59 -------- d-----w- C:\Program Files (x86)\Conduit 2012-05-29 02:00:58 -------- d-----w- C:\Users\v\AppData\Local\Conduit . ==================== Find3M ==================== . 
2012-06-16 04:11:34 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-16 04:11:34 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 18:01:19 60336 ----a-w- C:\Users\v\g2mdlhlpx.exe 2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-04-21 02:51:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll 2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll 2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec 2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec 2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys 2012-03-31 22:01:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-03-31 05:52:37 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-31 04:43:25 3970928 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-31 04:43:25 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 13:37:27.90 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 1/22/2011 11:58:55 PM System Uptime: 6/19/2012 12:16:25 PM (1 hours ago) . Motherboard: Dell Inc. | | 0G62V9 Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU 1 | 2528/533mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 581 GiB total, 468.842 GiB free. D: is CDROM () E: is Removable F: is CDROM () . ==== Disabled Device Manager Items ============= . 
==== System Restore Points =================== . RP142: 5/24/2012 8:34:21 AM - Windows Update RP143: 5/26/2012 8:51:52 AM - Windows Update RP144: 5/29/2012 8:48:52 PM - Windows Update RP145: 6/2/2012 11:03:11 AM - Windows Update RP146: 6/6/2012 7:09:03 AM - Windows Update RP147: 6/12/2012 8:21:07 PM - Windows Update RP148: 6/14/2012 8:01:39 AM - Windows Update RP149: 6/15/2012 9:16:25 PM - Windows Update . ==== Installed Programs ====================== . Across Lite Adobe Flash Player 11 Plugin Adobe Reader 9.1 Advanced Audio FX Engine Apple Application Support Apple Software Update Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system Consumer In-Home Service Agreement Cozi DAEMON Tools Lite dBpoweramp Music Converter Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Dock Dell Getting Started Guide Dell Support Center (Support Software) Dell Webcam Central Google Chrome GoToAssist 8.0.0.514 GoToMeeting 5.3.0.970 GPL Ghostscript Lite 8.70 IDT Audio Intel® Control Center Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 31 Junk Mail filter update Live! 
Cam Avatar Creator LoJack Factory Installer Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Choice Guard Microsoft Office 2010 Microsoft Office Professional Edition 2003 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT QuickTime Realtek USB 2.0 Card Reader Rosetta Stone Version 3 Roxio Burn Security Update for CAPICOM (KB931906) Skype Toolbars Skype™ 4.2 VLC media player 1.1.11 Vuze WebEx WildTangent Games Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 6/19/2012 9:40:10 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 6/19/2012 9:40:10 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 6/19/2012 9:38:01 AM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process. 6/19/2012 9:38:00 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
6/19/2012 9:37:58 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/19/2012 9:37:58 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. 
It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. 6/17/2012 8:48:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AESTFilters service. . ==== End Of File ===========================
  4. Thank you. Sorry! I didn't mean to post in the wrong forum. I'll post to the Malware Removal Forum.
  5. Hello. I've seen other people post with this same problem, but the solution has varied by user. I've picked up Trojan.Dropper.BCMiner from an infected site. When I went to the site, it automatically began downloading a PDF (I didn't click on anything). I tried to cancel the download, but the download showed completed in my Firefox Downloads window. Because of the unprompted download, I ran MBAM, and it found the BCMiner trojan. MBAM finds it, quarantines it successfully, and prompts a reboot, but the trojan is still there on every restart -- MBAM finds it again. After unsuccessful removal attempts w. MBAM, I ran Trend Micro's HouseCall, which also found the Trojan and also prompted a reboot to finish "fixing" the infection. But after reboot, the Trojan is still there and detectable by both HC and MBAM. Please help. I'm over my head here and don't want to run anything like Combofix or Farfar without instructions. I can post MBAM logs, but didn't want to do that until instructed. Any help is very much appreciated.