Jump to content

remymartini

Members
 View Profile  See their activity

  • Posts

    9

  • Joined

  • Last visited

Reputation

0 Neutral
  1. remymartini
    MBAM: Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.03.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kate :: KATE-PC [administrator] 3/6/2013 7:52:25 PM mbam-log-2013-03-06 (19-52-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 210984 Time elapsed: 2 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Hijackthis: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 9:45:04 PM, on 3/6/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16457) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\revouninstaller.exe C:\Users\Kate\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Kate\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing) O2 - BHO: DigitalPersona Fingerprint Software Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Filler Evaluation\CPFillerCoE.dll O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files (x86)\ACT\Act for Windows\ActSage.exe" -preload O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Dropbox.lnk = Kate\AppData\Roaming\Dropbox\bin\Dropbox.exe O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Sage ACT! Outlook Sync.lnk = C:\Program Files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing) O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {12928086-DCCF-4AEF-BB51-D783699A040C} (Siebel High Interactivity Framework) - https://core.waddell.com/fins/19251/applets/SiebelAx_HI_Client.cab O16 - DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} (ooVooWebCtrl Class) - http://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} (Siebel Desktop Integration) - https://core.waddell.com/fins/19251/applets/SiebelAx_Desktop_Integration.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://waddell.webex.com/client/WBXclient-T27L10NSP32EP5-14362/support/ieatgpc1.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (file missing) O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O23 - Service: ACT! Scheduler - Sage Software, Inc. - C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 16277 bytes Currently I'm not seeing the issues such as blue screening. The only concern I have is MBAM showed there still may be something malicious file, but I didn't see anything at the end of the scan.
  2. remymartini
    ComboFix: ComboFix 13-03-05.01 - Kate 03/06/2013 20:50:16.3.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3895.1494 [GMT -5:00] Running from: c:\users\Kate\Desktop\ComboFix.exe Command switches used :: c:\users\Kate\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 ))))))))))))))))))))))))))))))) . . 2013-03-07 01:55 . 2013-03-07 01:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-06 05:36 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51B22A9B-2BAB-4D03-8679-8F8A4A174871}\mpengine.dll 2013-03-04 04:29 . 2013-03-04 04:29 -------- d-----w- c:\program files\CCleaner 2013-03-04 04:29 . 2013-03-04 04:29 -------- d-----w- c:\users\Kate\AppData\Roaming\Malwarebytes 2013-03-04 04:29 . 2013-03-04 04:29 -------- d-----w- c:\programdata\Malwarebytes 2013-03-04 04:29 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-04 04:29 . 2013-03-06 04:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-02 00:25 . 2013-03-02 00:25 -------- d-----w- C:\528f3de1f79d91819b2d51 2013-02-20 01:17 . 2013-02-20 01:17 -------- d-----w- c:\program files\Microsoft Silverlight 2013-02-20 01:17 . 2013-02-20 01:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-07 00:36 . 2012-02-27 21:36 1786 --sha-w- c:\programdata\KGyGaAvL.sys 2013-03-02 01:42 . 2012-04-13 13:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-02 01:42 . 2012-03-27 21:25 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 00:28 . 2011-11-01 22:03 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-30 10:53 . 2011-05-11 13:19 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-24 08:04 . 2011-06-28 07:07 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2013-01-24 08:02 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-24 08:02 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-24 08:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-24 08:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Spotify Web Helper"="c:\users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-26 1103768] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-11 39408] "Facebook Update"="c:\users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-24 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-08-19 28672] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2010-08-19 337224] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152] . c:\users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Dropbox.lnk - c:\users\Kate\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-8 295606] Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144] Sage ACT! Outlook Sync.lnk - c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-8-19 91136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 428384] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-05 34160] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2009-03-03 89600] S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-09-04 134456] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224] S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 61913952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-06-03 1932592] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 289280] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-06 291328] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 01527406 *NewlyCreated* - 54813143 *Deregistered* - 01527406 *Deregistered* - 54813143 . Contents of the 'Scheduled Tasks' folder . 2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:42] . 2013-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000Core.job - c:\users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 01:54] . 2013-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000UA.job - c:\users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 01:54] . 2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 17:30] . 2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 17:30] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000Core.job - c:\users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 17:30] . 2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000UA.job - c:\users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 17:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [bU] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-07 415256] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-05-06 5712896] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 DPF: {12928086-DCCF-4AEF-BB51-D783699A040C} - hxxps://core.waddell.com/fins/19251/applets/SiebelAx_HI_Client.cab DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxps://core.waddell.com/fins/19251/applets/SiebelAx_Desktop_Integration.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-<NO NAME> - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-06 20:57:07 ComboFix-quarantined-files.txt 2013-03-07 01:57 ComboFix2.txt 2013-03-07 00:49 . Pre-Run: 386,021,801,984 bytes free Post-Run: 385,958,412,288 bytes free . - - End Of File - - 74EBCA25A41A751DB1322B21D6E5ACDE It seems to be doing much better, thank you. No blue screens since the TDS
  3. remymartini
    Combofix: ComboFix 13-03-05.01 - Kate 03/06/2013 19:39:26.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3895.2274 [GMT -5:00] Running from: c:\users\Kate\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\StartNow Toolbar c:\program files (x86)\StartNow Toolbar\genfix.exe c:\program files (x86)\StartNow Toolbar\Reactivate.exe c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png c:\program files (x86)\StartNow Toolbar\Resources\installer.xml c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml c:\program files (x86)\StartNow Toolbar\Resources\update.xml c:\program files (x86)\StartNow Toolbar\search_protect.exe c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe c:\program files (x86)\StartNow Toolbar\Toolbar32.dll c:\program files (x86)\StartNow Toolbar\ToolbarBroker.exe c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe c:\program files (x86)\StartNow Toolbar\uninstall.dat c:\program files (x86)\StartNow Toolbar\XBrowser.dll c:\programdata\3253015AC3.sys c:\programdata\EF7E219771.sys c:\programdata\PCDr\6032\AddOnDownloaded\1abc6cc6-7642-443e-ad9d-336734fd2832.dll c:\programdata\PCDr\6032\AddOnDownloaded\5b35a8f1-54bf-4743-8fd7-358ffc15372a.dll c:\programdata\PCDr\6032\AddOnDownloaded\69eaa8a4-3131-4718-aad0-994ebde678d1.dll c:\programdata\PCDr\6032\AddOnDownloaded\9192d3e9-aa66-4560-a2e3-209867aafd30.dll c:\programdata\PCDr\6032\AddOnDownloaded\d4ffe1c0-8021-4dfa-bf52-cb9224f001ce.dll c:\programdata\PCDr\6032\AddOnDownloaded\e238f8f5-5f0a-478f-b96a-d15f6f6cac94.dll c:\programdata\PCDr\6032\AddOnDownloaded\e5a71f43-c979-4b3d-a544-9ed1dc6dc4c8.dll c:\programdata\PCDr\6032\AddOnDownloaded\f8b3befb-ca07-4bff-8777-f565b237979f.dll c:\users\Kate\AppData\Local\assembly\tmp c:\users\Kate\GoToAssistDownloadHelper.exe c:\windows\security\Database\tmp.edb c:\windows\svchost.exe c:\windows\SysWow64\pt c:\windows\SysWow64\pt\Lagoon.resources.dll c:\windows\XSxS . . ((((((((((((((((((((((((( Files Created from 2013-02-07 to 2013-03-07 ))))))))))))))))))))))))))))))) . . 2013-03-07 00:47 . 2013-03-07 00:47 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-03-07 00:34 . 2013-03-07 00:34 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51B22A9B-2BAB-4D03-8679-8F8A4A174871}\offreg.dll 2013-03-07 00:20 . 2013-03-07 00:20 -------- d-----w- C:\TDSSKiller_Quarantine 2013-03-06 05:36 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51B22A9B-2BAB-4D03-8679-8F8A4A174871}\mpengine.dll 2013-03-04 04:29 . 2013-03-04 04:29 -------- d-----w- c:\program files\CCleaner 2013-03-04 04:29 . 2013-03-04 04:29 -------- d-----w- c:\users\Kate\AppData\Roaming\Malwarebytes 2013-03-04 04:29 . 2013-03-04 04:29 -------- d-----w- c:\programdata\Malwarebytes 2013-03-04 04:29 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-04 04:29 . 2013-03-06 04:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-03-02 00:25 . 2013-03-02 00:25 -------- d-----w- C:\528f3de1f79d91819b2d51 2013-02-20 01:17 . 2013-02-20 01:17 -------- d-----w- c:\program files\Microsoft Silverlight 2013-02-20 01:17 . 2013-02-20 01:17 -------- d-----w- c:\program files (x86)\Microsoft Silverlight . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-07 00:36 . 2012-02-27 21:36 1786 --sha-w- c:\programdata\KGyGaAvL.sys 2013-03-02 01:42 . 2012-04-13 13:58 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-02 01:42 . 2012-03-27 21:25 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-08 00:28 . 2011-11-01 22:03 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-30 10:53 . 2011-05-11 13:19 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-24 08:04 . 2011-06-28 07:07 67413224 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2013-01-24 08:02 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2013-01-24 08:02 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2013-01-24 08:02 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2013-01-24 08:02 34304 ----a-w- c:\windows\SysWow64\atmlib.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 129272 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Spotify Web Helper"="c:\users\Kate\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-02-26 1103768] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-11 39408] "Facebook Update"="c:\users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-24 138096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "Act.Outlook.Service"="c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Service.exe" [2010-08-19 28672] "Act! Preloader"="c:\program files (x86)\ACT\Act for Windows\ActSage.exe" [2010-08-19 337224] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152] . c:\users\Kate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Dropbox.lnk - c:\users\Kate\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-8 295606] Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 1082144] Sage ACT! Outlook Sync.lnk - c:\program files (x86)\ACT\Act for Windows\Act.Outlook.Sync.exe [2010-8-19 91136] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 ACT! Scheduler;ACT! Scheduler;c:\program files (x86)\ACT\Act for Windows\Act.Scheduler.exe [2010-08-19 81920] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2010-05-06 59744] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R2 SQLAgent$ACT7;SQL Server Agent (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE [2010-05-06 428384] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 40832] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 84864] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-11-05 34160] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 222208] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-12 1255736] R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088] R4 RsFx0150;RsFx0150 Driver;c:\windows\system32\DRIVERS\RsFx0150.sys [2010-04-03 313696] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [2009-03-03 89600] S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-09-04 134456] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224] S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\sqlservr.exe [2010-05-06 61913952] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920] S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-06-03 1932592] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-29 27760] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-31 289280] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-06 291328] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 01527406 *NewlyCreated* - 54813143 *Deregistered* - 01527406 *Deregistered* - 54813143 . Contents of the 'Scheduled Tasks' folder . 2013-03-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:42] . 2013-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000Core.job - c:\users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 01:54] . 2013-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000UA.job - c:\users\Kate\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-24 01:54] . 2013-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 17:30] . 2013-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 17:30] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000Core.job - c:\users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 17:30] . 2013-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2448888601-4075128759-2911183199-1000UA.job - c:\users\Kate\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-16 17:30] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Kate\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 00:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-07 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-07 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-07 415256] "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-10-01 727664] "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2011-05-06 5712896] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 2320752] "DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "DBRMTray"="c:\dell\DBRM\Reminder\TrayApp.exe" [2010-02-04 7168] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1 DPF: {12928086-DCCF-4AEF-BB51-D783699A040C} - hxxps://core.waddell.com/fins/19251/applets/SiebelAx_HI_Client.cab DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxp://static-www3.cdn.oovoo.com/oovoomelink/oovoome/webvc/ooVooWeb.dll DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxps://core.waddell.com/fins/19251/applets/SiebelAx_Desktop_Integration.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe Wow6432Node-HKCU-Run-StartNow Search Protect - c:\program files (x86)\StartNow Toolbar\search_protect.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-01527406.sys SafeBoot-11425057.sys Toolbar-Locked - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-03-06 19:49:32 ComboFix-quarantined-files.txt 2013-03-07 00:49 . Pre-Run: 385,369,968,640 bytes free Post-Run: 386,187,849,728 bytes free . - - End Of File - - 9DE14FFF9C075684F0FE81BEC64F697B
  4. remymartini
    From TDS: 19:18:48.0105 3892 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 19:18:50.0117 3892 ============================================================ 19:18:50.0117 3892 Current date / time: 2013/03/06 19:18:50.0117 19:18:50.0117 3892 SystemInfo: 19:18:50.0117 3892 19:18:50.0117 3892 OS Version: 6.1.7601 ServicePack: 1.0 19:18:50.0117 3892 Product type: Workstation 19:18:50.0117 3892 ComputerName: KATE-PC 19:18:50.0117 3892 UserName: Kate 19:18:50.0117 3892 Windows directory: C:\Windows 19:18:50.0117 3892 System windows directory: C:\Windows 19:18:50.0117 3892 Running under WOW64 19:18:50.0117 3892 Processor architecture: Intel x64 19:18:50.0117 3892 Number of processors: 4 19:18:50.0117 3892 Page size: 0x1000 19:18:50.0117 3892 Boot type: Safe boot with network 19:18:50.0117 3892 ============================================================ 19:18:50.0975 3892 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 19:18:50.0991 3892 ============================================================ 19:18:50.0991 3892 \Device\Harddisk0\DR0: 19:18:50.0991 3892 MBR partitions: 19:18:50.0991 3892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x184E000 19:18:50.0991 3892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1862000, BlocksNum 0x38B22000 19:18:50.0991 3892 ============================================================ 19:18:51.0022 3892 C: <-> \Device\Harddisk0\DR0\Partition2 19:18:51.0022 3892 ============================================================ 19:18:51.0022 3892 Initialize success 19:18:51.0022 3892 ============================================================ 19:18:58.0167 3640 ============================================================ 19:18:58.0167 3640 Scan started 19:18:58.0167 3640 Mode: Manual; 19:18:58.0167 3640 ============================================================ 19:19:03.0627 3640 ================ Scan system memory ======================== 19:19:03.0627 3640 System memory - ok 19:19:03.0627 3640 ================ Scan services ============================= 19:19:03.0783 3640 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 19:19:03.0783 3640 1394ohci - ok 19:19:03.0830 3640 [ AEDB94A49236F5FF060C90E09E70281F ] Acceler C:\Windows\system32\DRIVERS\Accelern.sys 19:19:03.0830 3640 Acceler - ok 19:19:03.0892 3640 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 19:19:03.0892 3640 ACPI - ok 19:19:03.0923 3640 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 19:19:03.0923 3640 AcpiPmi - ok 19:19:04.0048 3640 [ 630D2C9D36DAD22829C95C55D36BA5CC ] ACT! Scheduler C:\Program Files (x86)\ACT\Act for Windows\Act.Scheduler.exe 19:19:04.0157 3640 ACT! Scheduler - ok 19:19:04.0235 3640 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 19:19:04.0235 3640 Adobe LM Service - ok 19:19:04.0376 3640 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 19:19:04.0376 3640 AdobeFlashPlayerUpdateSvc - ok 19:19:04.0423 3640 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 19:19:04.0423 3640 adp94xx - ok 19:19:04.0469 3640 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 19:19:04.0469 3640 adpahci - ok 19:19:04.0485 3640 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 19:19:04.0501 3640 adpu320 - ok 19:19:04.0516 3640 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 19:19:04.0516 3640 AeLookupSvc - ok 19:19:04.0625 3640 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe 19:19:04.0641 3640 AESTFilters - ok 19:19:04.0688 3640 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 19:19:04.0703 3640 AFD - ok 19:19:04.0735 3640 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 19:19:04.0735 3640 agp440 - ok 19:19:04.0766 3640 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 19:19:04.0766 3640 ALG - ok 19:19:04.0797 3640 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 19:19:04.0797 3640 aliide - ok 19:19:04.0828 3640 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 19:19:04.0844 3640 amdide - ok 19:19:04.0859 3640 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 19:19:04.0859 3640 AmdK8 - ok 19:19:04.0891 3640 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 19:19:04.0891 3640 AmdPPM - ok 19:19:04.0937 3640 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 19:19:04.0937 3640 amdsata - ok 19:19:04.0969 3640 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 19:19:04.0969 3640 amdsbs - ok 19:19:04.0984 3640 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 19:19:04.0984 3640 amdxata - ok 19:19:05.0015 3640 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 19:19:05.0015 3640 AppID - ok 19:19:05.0031 3640 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 19:19:05.0047 3640 AppIDSvc - ok 19:19:05.0078 3640 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 19:19:05.0078 3640 Appinfo - ok 19:19:05.0125 3640 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll 19:19:05.0140 3640 AppMgmt - ok 19:19:05.0140 3640 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 19:19:05.0156 3640 arc - ok 19:19:05.0156 3640 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 19:19:05.0156 3640 arcsas - ok 19:19:05.0218 3640 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 19:19:05.0218 3640 AsyncMac - ok 19:19:05.0249 3640 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 19:19:05.0249 3640 atapi - ok 19:19:05.0327 3640 [ 3CC3E7786FFD8AF358C40B9CE592F321 ] atashost C:\Windows\SysWOW64\atashost.exe 19:19:05.0327 3640 atashost - ok 19:19:05.0390 3640 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 19:19:05.0390 3640 AudioEndpointBuilder - ok 19:19:05.0405 3640 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 19:19:05.0405 3640 AudioSrv - ok 19:19:05.0483 3640 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 19:19:05.0483 3640 AxInstSV - ok 19:19:05.0530 3640 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 19:19:05.0530 3640 b06bdrv - ok 19:19:05.0593 3640 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 19:19:05.0608 3640 b57nd60a - ok 19:19:05.0655 3640 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys 19:19:05.0655 3640 BCM42RLY - ok 19:19:05.0749 3640 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys 19:19:05.0764 3640 BCM43XX - ok 19:19:05.0795 3640 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 19:19:05.0795 3640 BDESVC - ok 19:19:05.0827 3640 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 19:19:05.0827 3640 Beep - ok 19:19:05.0967 3640 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 19:19:05.0983 3640 BFE - ok 19:19:06.0123 3640 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 19:19:06.0404 3640 BITS - ok 19:19:06.0482 3640 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 19:19:06.0482 3640 blbdrive - ok 19:19:06.0529 3640 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 19:19:06.0529 3640 bowser - ok 19:19:06.0575 3640 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:19:06.0575 3640 BrFiltLo - ok 19:19:06.0575 3640 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:19:06.0575 3640 BrFiltUp - ok 19:19:06.0638 3640 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 19:19:06.0638 3640 BridgeMP - ok 19:19:06.0669 3640 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 19:19:06.0669 3640 Browser - ok 19:19:06.0700 3640 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 19:19:06.0700 3640 Brserid - ok 19:19:06.0716 3640 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 19:19:06.0716 3640 BrSerWdm - ok 19:19:06.0731 3640 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 19:19:06.0731 3640 BrUsbMdm - ok 19:19:06.0731 3640 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 19:19:06.0747 3640 BrUsbSer - ok 19:19:06.0794 3640 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys 19:19:06.0794 3640 BthEnum - ok 19:19:06.0825 3640 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 19:19:06.0825 3640 BTHMODEM - ok 19:19:06.0856 3640 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys 19:19:06.0856 3640 BthPan - ok 19:19:06.0903 3640 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys 19:19:06.0919 3640 BTHPORT - ok 19:19:06.0934 3640 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 19:19:06.0934 3640 bthserv - ok 19:19:06.0965 3640 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys 19:19:06.0965 3640 BTHUSB - ok 19:19:06.0997 3640 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys 19:19:06.0997 3640 btwaudio - ok 19:19:07.0059 3640 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\Windows\system32\drivers\btwavdt.sys 19:19:07.0059 3640 btwavdt - ok 19:19:07.0153 3640 [ 8318678C71B12D6663D76473F5EC28B1 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 19:19:07.0184 3640 btwdins - ok 19:19:07.0199 3640 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys 19:19:07.0199 3640 btwl2cap - ok 19:19:07.0199 3640 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys 19:19:07.0199 3640 btwrchid - ok 19:19:07.0231 3640 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 19:19:07.0231 3640 cdfs - ok 19:19:07.0293 3640 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 19:19:07.0293 3640 cdrom - ok 19:19:07.0340 3640 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 19:19:07.0340 3640 CertPropSvc - ok 19:19:07.0355 3640 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 19:19:07.0355 3640 circlass - ok 19:19:07.0387 3640 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 19:19:07.0387 3640 CLFS - ok 19:19:07.0480 3640 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:19:07.0480 3640 clr_optimization_v2.0.50727_32 - ok 19:19:07.0543 3640 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 19:19:07.0543 3640 clr_optimization_v2.0.50727_64 - ok 19:19:07.0621 3640 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 19:19:07.0652 3640 clr_optimization_v4.0.30319_32 - ok 19:19:07.0683 3640 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 19:19:07.0683 3640 clr_optimization_v4.0.30319_64 - ok 19:19:07.0730 3640 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 19:19:07.0745 3640 CmBatt - ok 19:19:07.0761 3640 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 19:19:07.0761 3640 cmdide - ok 19:19:07.0792 3640 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys 19:19:07.0808 3640 CNG - ok 19:19:07.0839 3640 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 19:19:07.0839 3640 Compbatt - ok 19:19:07.0901 3640 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 19:19:07.0917 3640 CompositeBus - ok 19:19:07.0933 3640 COMSysApp - ok 19:19:07.0964 3640 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 19:19:07.0964 3640 crcdisk - ok 19:19:07.0995 3640 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 19:19:07.0995 3640 CryptSvc - ok 19:19:08.0042 3640 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys 19:19:08.0042 3640 CSC - ok 19:19:08.0104 3640 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll 19:19:08.0104 3640 CscService - ok 19:19:08.0229 3640 [ FBE228ABEAB2BE13B9C3A3A112D4D8DC ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys 19:19:08.0245 3640 CtClsFlt - ok 19:19:08.0557 3640 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 19:19:08.0572 3640 cvhsvc - ok 19:19:08.0619 3640 [ 7AF9DAC504FBD047CBC3E64AE52C92BF ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys 19:19:08.0619 3640 dc3d - ok 19:19:08.0713 3640 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 19:19:08.0744 3640 DcomLaunch - ok 19:19:08.0791 3640 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 19:19:08.0806 3640 defragsvc - ok 19:19:08.0837 3640 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 19:19:08.0837 3640 DfsC - ok 19:19:08.0869 3640 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 19:19:08.0869 3640 Dhcp - ok 19:19:08.0900 3640 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 19:19:08.0900 3640 discache - ok 19:19:08.0931 3640 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 19:19:08.0947 3640 Disk - ok 19:19:08.0978 3640 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 19:19:08.0978 3640 Dnscache - ok 19:19:09.0009 3640 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 19:19:09.0025 3640 dot3svc - ok 19:19:09.0056 3640 [ 0C23BF4CDDBECBACA8659A96C359E0DD ] DpHost C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe 19:19:09.0056 3640 DpHost - ok 19:19:09.0087 3640 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 19:19:09.0087 3640 DPS - ok 19:19:09.0118 3640 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 19:19:09.0118 3640 drmkaud - ok 19:19:09.0165 3640 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 19:19:09.0196 3640 DXGKrnl - ok 19:19:09.0243 3640 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 19:19:09.0243 3640 EapHost - ok 19:19:09.0337 3640 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 19:19:09.0399 3640 ebdrv - ok 19:19:09.0461 3640 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 19:19:09.0461 3640 EFS - ok 19:19:09.0524 3640 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 19:19:09.0539 3640 ehRecvr - ok 19:19:09.0555 3640 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 19:19:09.0555 3640 ehSched - ok 19:19:09.0586 3640 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 19:19:09.0586 3640 elxstor - ok 19:19:09.0633 3640 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 19:19:09.0633 3640 ErrDev - ok 19:19:09.0695 3640 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 19:19:09.0695 3640 EventSystem - ok 19:19:09.0727 3640 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 19:19:09.0727 3640 exfat - ok 19:19:09.0742 3640 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 19:19:09.0742 3640 fastfat - ok 19:19:09.0820 3640 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 19:19:09.0836 3640 Fax - ok 19:19:09.0851 3640 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 19:19:09.0867 3640 fdc - ok 19:19:09.0867 3640 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 19:19:09.0867 3640 fdPHost - ok 19:19:09.0883 3640 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 19:19:09.0883 3640 FDResPub - ok 19:19:09.0914 3640 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 19:19:09.0929 3640 FileInfo - ok 19:19:09.0929 3640 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 19:19:09.0929 3640 Filetrace - ok 19:19:09.0992 3640 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 19:19:09.0992 3640 FLEXnet Licensing Service - ok 19:19:10.0023 3640 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 19:19:10.0023 3640 flpydisk - ok 19:19:10.0070 3640 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 19:19:10.0070 3640 FltMgr - ok 19:19:10.0148 3640 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 19:19:10.0366 3640 FontCache - ok 19:19:10.0522 3640 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:19:10.0538 3640 FontCache3.0.0.0 - ok 19:19:10.0569 3640 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 19:19:10.0585 3640 FsDepends - ok 19:19:10.0647 3640 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 19:19:10.0663 3640 Fs_Rec - ok 19:19:10.0741 3640 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 19:19:10.0741 3640 fvevol - ok 19:19:10.0787 3640 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 19:19:10.0803 3640 gagp30kx - ok 19:19:10.0834 3640 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 19:19:10.0865 3640 gpsvc - ok 19:19:10.0943 3640 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:19:10.0975 3640 gupdate - ok 19:19:11.0006 3640 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:19:11.0006 3640 gupdatem - ok 19:19:11.0053 3640 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 19:19:11.0068 3640 gusvc - ok 19:19:11.0084 3640 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 19:19:11.0084 3640 hcw85cir - ok 19:19:11.0131 3640 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 19:19:11.0131 3640 HDAudBus - ok 19:19:11.0177 3640 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 19:19:11.0177 3640 HECIx64 - ok 19:19:11.0193 3640 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 19:19:11.0193 3640 HidBatt - ok 19:19:11.0209 3640 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 19:19:11.0209 3640 HidBth - ok 19:19:11.0255 3640 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 19:19:11.0255 3640 HidIr - ok 19:19:11.0271 3640 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 19:19:11.0271 3640 hidserv - ok 19:19:11.0318 3640 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 19:19:11.0318 3640 HidUsb - ok 19:19:11.0365 3640 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 19:19:11.0365 3640 hkmsvc - ok 19:19:11.0411 3640 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 19:19:11.0411 3640 HomeGroupListener - ok 19:19:11.0443 3640 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 19:19:11.0443 3640 HomeGroupProvider - ok 19:19:11.0489 3640 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 19:19:11.0489 3640 HpSAMD - ok 19:19:11.0567 3640 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 19:19:11.0599 3640 HTTP - ok 19:19:11.0614 3640 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 19:19:11.0614 3640 hwpolicy - ok 19:19:11.0661 3640 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 19:19:11.0661 3640 i8042prt - ok 19:19:11.0755 3640 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 19:19:11.0755 3640 iaStor - ok 19:19:11.0801 3640 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 19:19:11.0801 3640 iaStorV - ok 19:19:11.0926 3640 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:19:11.0957 3640 idsvc - ok 19:19:12.0737 3640 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 19:19:12.0909 3640 igfx - ok 19:19:12.0971 3640 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 19:19:12.0987 3640 iirsp - ok 19:19:13.0049 3640 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 19:19:13.0065 3640 IKEEXT - ok 19:19:13.0096 3640 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 19:19:13.0096 3640 Impcd - ok 19:19:13.0143 3640 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 19:19:13.0143 3640 IntcDAud - ok 19:19:13.0190 3640 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 19:19:13.0190 3640 intelide - ok 19:19:13.0205 3640 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 19:19:13.0205 3640 intelppm - ok 19:19:13.0268 3640 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 19:19:13.0268 3640 IPBusEnum - ok 19:19:13.0283 3640 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:19:13.0283 3640 IpFilterDriver - ok 19:19:13.0361 3640 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 19:19:13.0377 3640 iphlpsvc - ok 19:19:13.0424 3640 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 19:19:13.0424 3640 IPMIDRV - ok 19:19:13.0471 3640 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 19:19:13.0471 3640 IPNAT - ok 19:19:13.0502 3640 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 19:19:13.0502 3640 IRENUM - ok 19:19:13.0517 3640 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 19:19:13.0517 3640 isapnp - ok 19:19:13.0549 3640 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 19:19:13.0549 3640 iScsiPrt - ok 19:19:13.0564 3640 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 19:19:13.0580 3640 kbdclass - ok 19:19:13.0611 3640 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 19:19:13.0627 3640 kbdhid - ok 19:19:13.0627 3640 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 19:19:13.0627 3640 KeyIso - ok 19:19:13.0705 3640 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 19:19:13.0705 3640 KSecDD - ok 19:19:13.0783 3640 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 19:19:13.0783 3640 KSecPkg - ok 19:19:13.0814 3640 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 19:19:13.0814 3640 ksthunk - ok 19:19:13.0876 3640 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 19:19:13.0876 3640 KtmRm - ok 19:19:13.0954 3640 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 19:19:13.0954 3640 LanmanServer - ok 19:19:14.0001 3640 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 19:19:14.0017 3640 LanmanWorkstation - ok 19:19:14.0048 3640 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 19:19:14.0048 3640 lltdio - ok 19:19:14.0095 3640 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 19:19:14.0095 3640 lltdsvc - ok 19:19:14.0110 3640 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 19:19:14.0126 3640 lmhosts - ok 19:19:14.0516 3640 [ 5460828F8951D310B42B442877603B8D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 19:19:14.0516 3640 LMS - ok 19:19:14.0563 3640 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 19:19:14.0563 3640 LSI_FC - ok 19:19:14.0578 3640 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 19:19:14.0578 3640 LSI_SAS - ok 19:19:14.0594 3640 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 19:19:14.0594 3640 LSI_SAS2 - ok 19:19:14.0609 3640 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 19:19:14.0609 3640 LSI_SCSI - ok 19:19:14.0625 3640 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 19:19:14.0625 3640 luafv - ok 19:19:14.0672 3640 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 19:19:14.0687 3640 Mcx2Svc - ok 19:19:14.0703 3640 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 19:19:14.0703 3640 megasas - ok 19:19:14.0750 3640 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 19:19:14.0750 3640 MegaSR - ok 19:19:14.0812 3640 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 19:19:14.0812 3640 MMCSS - ok 19:19:14.0875 3640 [ 8CC001C65C31633171991FA72A551D43 ] MOBKbackup C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe 19:19:14.0875 3640 MOBKbackup - ok 19:19:14.0921 3640 [ 3800C23D0D90C59AAFCDEFDC82B5C4AF ] MOBKFilter C:\Windows\system32\DRIVERS\MOBK.sys 19:19:14.0921 3640 MOBKFilter - ok 19:19:14.0937 3640 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 19:19:14.0937 3640 Modem - ok 19:19:14.0984 3640 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 19:19:14.0984 3640 monitor - ok 19:19:15.0015 3640 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 19:19:15.0015 3640 mouclass - ok 19:19:15.0031 3640 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 19:19:15.0031 3640 mouhid - ok 19:19:15.0077 3640 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 19:19:15.0077 3640 mountmgr - ok 19:19:15.0140 3640 [ C177A7EBF5E8A0B596F618870516CAB8 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys 19:19:15.0140 3640 MpFilter - ok 19:19:15.0155 3640 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 19:19:15.0155 3640 mpio - ok 19:19:15.0343 3640 [ 0EBB390B7AEEC45EC061D9870A34FD42 ] MpKsl22687f77 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{51B22A9B-2BAB-4D03-8679-8F8A4A174871}\MpKsl22687f77.sys 19:19:15.0343 3640 MpKsl22687f77 - ok 19:19:15.0374 3640 [ 8FBF6B31FE8AF1833D93C5913D5B4D55 ] MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys 19:19:15.0374 3640 MpNWMon - ok 19:19:15.0436 3640 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 19:19:15.0436 3640 mpsdrv - ok 19:19:15.0483 3640 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 19:19:15.0499 3640 MpsSvc - ok 19:19:15.0514 3640 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 19:19:15.0530 3640 MRxDAV - ok 19:19:15.0561 3640 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 19:19:15.0561 3640 mrxsmb - ok 19:19:15.0577 3640 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:19:15.0592 3640 mrxsmb10 - ok 19:19:15.0608 3640 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:19:15.0608 3640 mrxsmb20 - ok 19:19:15.0639 3640 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 19:19:15.0639 3640 msahci - ok 19:19:15.0655 3640 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 19:19:15.0670 3640 msdsm - ok 19:19:15.0686 3640 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 19:19:15.0686 3640 MSDTC - ok 19:19:15.0748 3640 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 19:19:15.0748 3640 Msfs - ok 19:19:15.0764 3640 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 19:19:15.0764 3640 mshidkmdf - ok 19:19:15.0811 3640 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 19:19:15.0811 3640 msisadrv - ok 19:19:15.0842 3640 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 19:19:15.0857 3640 MSiSCSI - ok 19:19:15.0873 3640 msiserver - ok 19:19:15.0920 3640 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 19:19:15.0920 3640 MSKSSRV - ok 19:19:16.0045 3640 [ 157E9E498206A3366BAA7E4697BDD947 ] MsMpSvc c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 19:19:16.0045 3640 MsMpSvc - ok 19:19:16.0060 3640 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 19:19:16.0060 3640 MSPCLOCK - ok 19:19:16.0076 3640 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 19:19:16.0076 3640 MSPQM - ok 19:19:16.0138 3640 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 19:19:16.0232 3640 MsRPC - ok 19:19:16.0513 3640 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 19:19:16.0513 3640 mssmbios - ok 19:19:16.0575 3640 MSSQL$ACT7 - ok 19:19:16.0637 3640 [ 04EF36EAF5C4DBCE424D81B76F1E9231 ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 19:19:16.0669 3640 MSSQLServerADHelper100 - ok 19:19:16.0700 3640 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 19:19:16.0700 3640 MSTEE - ok 19:19:16.0731 3640 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 19:19:16.0731 3640 MTConfig - ok 19:19:16.0747 3640 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 19:19:16.0747 3640 Mup - ok 19:19:16.0793 3640 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 19:19:16.0793 3640 napagent - ok 19:19:16.0840 3640 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 19:19:16.0840 3640 NativeWifiP - ok 19:19:16.0887 3640 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 19:19:16.0918 3640 NDIS - ok 19:19:16.0949 3640 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 19:19:16.0949 3640 NdisCap - ok 19:19:16.0965 3640 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 19:19:16.0965 3640 NdisTapi - ok 19:19:17.0012 3640 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 19:19:17.0012 3640 Ndisuio - ok 19:19:17.0012 3640 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 19:19:17.0027 3640 NdisWan - ok 19:19:17.0059 3640 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 19:19:17.0059 3640 NDProxy - ok 19:19:17.0074 3640 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 19:19:17.0074 3640 NetBIOS - ok 19:19:17.0121 3640 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 19:19:17.0121 3640 NetBT - ok 19:19:17.0152 3640 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 19:19:17.0152 3640 Netlogon - ok 19:19:17.0199 3640 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 19:19:17.0199 3640 Netman - ok 19:19:17.0230 3640 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 19:19:17.0230 3640 netprofm - ok 19:19:17.0261 3640 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:19:17.0261 3640 NetTcpPortSharing - ok 19:19:17.0308 3640 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 19:19:17.0308 3640 nfrd960 - ok 19:19:17.0339 3640 [ 5F7D72CBCDD025AF1F38FDEEE5646968 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys 19:19:17.0339 3640 NisDrv - ok 19:19:17.0402 3640 [ 566DDD5D82520DA01D75F81428AC4C38 ] NisSrv c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 19:19:17.0417 3640 NisSrv - ok 19:19:17.0464 3640 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 19:19:17.0480 3640 NlaSvc - ok 19:19:17.0495 3640 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 19:19:17.0495 3640 Npfs - ok 19:19:17.0558 3640 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 19:19:17.0558 3640 nsi - ok 19:19:17.0589 3640 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 19:19:17.0589 3640 nsiproxy - ok 19:19:17.0636 3640 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 19:19:17.0667 3640 Ntfs - ok 19:19:17.0683 3640 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 19:19:17.0683 3640 Null - ok 19:19:17.0729 3640 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 19:19:17.0745 3640 nvraid - ok 19:19:17.0776 3640 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 19:19:17.0792 3640 nvstor - ok 19:19:17.0807 3640 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 19:19:17.0807 3640 nv_agp - ok 19:19:17.0885 3640 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 19:19:17.0901 3640 odserv - ok 19:19:17.0932 3640 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 19:19:17.0948 3640 ohci1394 - ok 19:19:17.0979 3640 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 19:19:17.0995 3640 ose - ok 19:19:18.0119 3640 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 19:19:18.0291 3640 osppsvc - ok 19:19:18.0416 3640 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 19:19:18.0431 3640 p2pimsvc - ok 19:19:18.0447 3640 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 19:19:18.0463 3640 p2psvc - ok 19:19:18.0525 3640 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 19:19:18.0525 3640 Parport - ok 19:19:18.0572 3640 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 19:19:18.0572 3640 partmgr - ok 19:19:18.0587 3640 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 19:19:18.0603 3640 PcaSvc - ok 19:19:18.0743 3640 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 19:19:18.0759 3640 pci - ok 19:19:18.0775 3640 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 19:19:18.0775 3640 pciide - ok 19:19:18.0868 3640 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 19:19:18.0884 3640 pcmcia - ok 19:19:18.0899 3640 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 19:19:18.0915 3640 pcw - ok 19:19:19.0024 3640 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 19:19:19.0040 3640 PEAUTH - ok 19:19:19.0071 3640 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 19:19:19.0118 3640 PeerDistSvc - ok 19:19:19.0165 3640 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 19:19:19.0321 3640 PerfHost - ok 19:19:19.0383 3640 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 19:19:19.0414 3640 pla - ok 19:19:19.0461 3640 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 19:19:19.0461 3640 PlugPlay - ok 19:19:19.0477 3640 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 19:19:19.0492 3640 PNRPAutoReg - ok 19:19:19.0508 3640 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 19:19:19.0508 3640 PNRPsvc - ok 19:19:19.0555 3640 [ 9ABFF71FF6F3B9492686D3403FA5DCDB ] Point64 C:\Windows\system32\DRIVERS\point64k.sys 19:19:19.0555 3640 Point64 - ok 19:19:19.0586 3640 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 19:19:19.0601 3640 PolicyAgent - ok 19:19:19.0648 3640 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 19:19:19.0664 3640 Power - ok 19:19:19.0679 3640 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 19:19:19.0679 3640 PptpMiniport - ok 19:19:19.0711 3640 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 19:19:19.0726 3640 Processor - ok 19:19:19.0757 3640 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 19:19:19.0773 3640 ProfSvc - ok 19:19:19.0773 3640 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 19:19:19.0773 3640 ProtectedStorage - ok 19:19:19.0820 3640 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 19:19:19.0820 3640 Psched - ok 19:19:19.0882 3640 [ E0D0CB09AA07B22BE984E4F7EC0326F5 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 19:19:19.0882 3640 PSI_SVC_2 - ok 19:19:19.0898 3640 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 19:19:19.0898 3640 PxHlpa64 - ok 19:19:19.0976 3640 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 19:19:19.0991 3640 ql2300 - ok 19:19:20.0023 3640 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 19:19:20.0038 3640 ql40xx - ok 19:19:20.0054 3640 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 19:19:20.0054 3640 QWAVE - ok 19:19:20.0069 3640 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 19:19:20.0069 3640 QWAVEdrv - ok 19:19:20.0085 3640 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 19:19:20.0101 3640 RasAcd - ok 19:19:20.0116 3640 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 19:19:20.0132 3640 RasAgileVpn - ok 19:19:20.0257 3640 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 19:19:20.0288 3640 RasAuto - ok 19:19:20.0537 3640 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 19:19:20.0771 3640 Rasl2tp - ok 19:19:20.0849 3640 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 19:19:20.0865 3640 RasMan - ok 19:19:20.0896 3640 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 19:19:20.0896 3640 RasPppoe - ok 19:19:20.0943 3640 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 19:19:20.0943 3640 RasSstp - ok 19:19:20.0959 3640 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 19:19:20.0959 3640 rdbss - ok 19:19:21.0021 3640 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 19:19:21.0021 3640 rdpbus - ok 19:19:21.0068 3640 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 19:19:21.0068 3640 RDPCDD - ok 19:19:21.0161 3640 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 19:19:21.0161 3640 RDPDR - ok 19:19:21.0193 3640 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 19:19:21.0193 3640 RDPENCDD - ok 19:19:21.0193 3640 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 19:19:21.0193 3640 RDPREFMP - ok 19:19:21.0255 3640 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 19:19:21.0255 3640 RdpVideoMiniport - ok 19:19:21.0286 3640 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 19:19:21.0302 3640 RDPWD - ok 19:19:21.0364 3640 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 19:19:21.0364 3640 rdyboost - ok 19:19:21.0380 3640 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 19:19:21.0395 3640 RemoteAccess - ok 19:19:21.0411 3640 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 19:19:21.0411 3640 RemoteRegistry - ok 19:19:21.0442 3640 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 19:19:21.0442 3640 RFCOMM - ok 19:19:21.0489 3640 [ 5790BCA445CC40DF8B38C2C48608AAC2 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 19:19:21.0489 3640 RimUsb - ok 19:19:21.0614 3640 [ 3C957189B31C34D3AD21967B12B6AED7 ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 19:19:21.0645 3640 RoxMediaDB12OEM - ok 19:19:21.0676 3640 [ 2B73088CC2CA757A172B425C9398E5BC ] RoxWatch12 C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 19:19:21.0692 3640 RoxWatch12 - ok 19:19:21.0692 3640 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 19:19:21.0692 3640 RpcEptMapper - ok 19:19:21.0770 3640 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 19:19:21.0770 3640 RpcLocator - ok 19:19:21.0801 3640 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 19:19:21.0817 3640 RpcSs - ok 19:19:21.0848 3640 [ EB1C539E621A35A49F7692B0EB565AB9 ] RsFx0150 C:\Windows\system32\DRIVERS\RsFx0150.sys 19:19:21.0863 3640 RsFx0150 - ok 19:19:21.0895 3640 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 19:19:21.0895 3640 rspndr - ok 19:19:21.0926 3640 [ FB39AF63D6617F028BA0EBC21B83360D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 19:19:21.0926 3640 RSUSBSTOR - ok 19:19:21.0988 3640 [ 365ED58B47B46DE8B1C5FA759B6FCD6E ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 19:19:21.0988 3640 RTL8167 - ok 19:19:22.0082 3640 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 19:19:22.0082 3640 s3cap - ok 19:19:22.0097 3640 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 19:19:22.0113 3640 SamSs - ok 19:19:22.0129 3640 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 19:19:22.0129 3640 sbp2port - ok 19:19:22.0316 3640 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 19:19:22.0316 3640 SCardSvr - ok 19:19:22.0363 3640 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 19:19:22.0363 3640 scfilter - ok 19:19:22.0425 3640 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 19:19:22.0441 3640 Schedule - ok 19:19:22.0472 3640 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 19:19:22.0472 3640 SCPolicySvc - ok 19:19:22.0550 3640 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 19:19:22.0550 3640 SDRSVC - ok 19:19:22.0597 3640 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 19:19:22.0597 3640 secdrv - ok 19:19:22.0612 3640 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 19:19:22.0612 3640 seclogon - ok 19:19:22.0675 3640 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 19:19:22.0675 3640 SENS - ok 19:19:22.0690 3640 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 19:19:22.0690 3640 SensrSvc - ok 19:19:22.0721 3640 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 19:19:22.0737 3640 Serenum - ok 19:19:22.0737 3640 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 19:19:22.0753 3640 Serial - ok 19:19:22.0784 3640 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 19:19:22.0784 3640 sermouse - ok 19:19:22.0831 3640 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 19:19:22.0831 3640 SessionEnv - ok 19:19:22.0862 3640 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 19:19:22.0862 3640 sffdisk - ok 19:19:22.0893 3640 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 19:19:22.0893 3640 sffp_mmc - ok 19:19:22.0909 3640 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 19:19:22.0909 3640 sffp_sd - ok 19:19:22.0955 3640 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 19:19:22.0955 3640 sfloppy - ok 19:19:23.0002 3640 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 19:19:23.0018 3640 Sftfs - ok 19:19:23.0111 3640 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 19:19:23.0158 3640 sftlist - ok 19:19:23.0189 3640 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 19:19:23.0189 3640 Sftplay - ok 19:19:23.0221 3640 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 19:19:23.0236 3640 Sftredir - ok 19:19:23.0236 3640 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 19:19:23.0236 3640 Sftvol - ok 19:19:23.0283 3640 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 19:19:23.0299 3640 sftvsa - ok 19:19:23.0330 3640 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 19:19:23.0330 3640 SharedAccess - ok 19:19:23.0377 3640 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 19:19:23.0377 3640 ShellHWDetection - ok 19:19:23.0423 3640 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 19:19:23.0423 3640 SiSRaid2 - ok 19:19:23.0439 3640 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 19:19:23.0439 3640 SiSRaid4 - ok 19:19:23.0470 3640 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 19:19:23.0470 3640 Smb - ok 19:19:23.0564 3640 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 19:19:23.0564 3640 SNMPTRAP - ok 19:19:23.0642 3640 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 19:19:23.0642 3640 spldr - ok 19:19:23.0735 3640 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 19:19:23.0751 3640 Spooler - ok 19:19:23.0829 3640 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 19:19:23.0923 3640 sppsvc - ok 19:19:23.0954 3640 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 19:19:23.0954 3640 sppuinotify - ok 19:19:24.0047 3640 [ BEA7FEA5BB31EB58D78971F821AE6844 ] SQLAgent$ACT7 C:\Program Files\Microsoft SQL Server\MSSQL10_50.ACT7\MSSQL\Binn\SQLAGENT.EXE 19:19:24.0094 3640 SQLAgent$ACT7 - ok 19:19:24.0562 3640 [ 7D67C07C63796775CC5492BCFEAFF125 ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 19:19:24.0562 3640 SQLBrowser - ok 19:19:24.0718 3640 [ F98DDFBFE0EE66D4C4B00693512B9527 ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 19:19:24.0718 3640 SQLWriter - ok 19:19:24.0765 3640 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 19:19:24.0765 3640 srv - ok 19:19:24.0781 3640 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 19:19:24.0796 3640 srv2 - ok 19:19:24.0812 3640 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 19:19:24.0812 3640 srvnet - ok 19:19:24.0859 3640 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 19:19:24.0874 3640 SSDPSRV - ok 19:19:24.0890 3640 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 19:19:24.0890 3640 SstpSvc - ok 19:19:24.0999 3640 [ DE9E765BD64FFF598E9F3AAB41874D8A ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe 19:19:24.0999 3640 STacSV - ok 19:19:25.0030 3640 [ 92E7F6666633D2DD91D527503DAA7BE0 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys 19:19:25.0030 3640 stdcfltn - ok 19:19:25.0061 3640 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 19:19:25.0061 3640 stexstor - ok 19:19:25.0093 3640 [ 3FE584503DC68CD206143BC334C43484 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys 19:19:25.0093 3640 STHDA - ok 19:19:25.0155 3640 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 19:19:25.0171 3640 stisvc - ok 19:19:25.0249 3640 [ 7731F46EC0D687A931CBA063E8F90EF0 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 19:19:25.0249 3640 stllssvr - ok 19:19:25.0280 3640 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 19:19:25.0280 3640 storflt - ok 19:19:25.0295 3640 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 19:19:25.0311 3640 StorSvc - ok 19:19:25.0342 3640 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 19:19:25.0358 3640 storvsc - ok 19:19:25.0389 3640 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 19:19:25.0389 3640 swenum - ok 19:19:25.0561 3640 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 19:19:25.0576 3640 SwitchBoard - ok 19:19:25.0607 3640 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 19:19:25.0607 3640 swprv - ok 19:19:25.0654 3640 [ E5D73228176C9F69072D1F91CED83484 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 19:19:25.0654 3640 SynTP - ok 19:19:25.0717 3640 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 19:19:25.0748 3640 SysMain - ok 19:19:25.0795 3640 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 19:19:25.0795 3640 TabletInputService - ok 19:19:25.0841 3640 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 19:19:25.0841 3640 TapiSrv - ok 19:19:25.0857 3640 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 19:19:25.0873 3640 TBS - ok 19:19:25.0966 3640 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 19:19:25.0997 3640 Tcpip - ok 19:19:26.0044 3640 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 19:19:26.0060 3640 TCPIP6 - ok 19:19:26.0107 3640 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 19:19:26.0107 3640 tcpipreg - ok 19:19:26.0138 3640 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 19:19:26.0169 3640 TDPIPE - ok 19:19:26.0450 3640 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 19:19:26.0450 3640 TDTCP - ok 19:19:26.0731 3640 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 19:19:26.0746 3640 tdx - ok 19:19:26.0809 3640 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 19:19:26.0809 3640 TermDD - ok 19:19:26.0840 3640 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 19:19:26.0855 3640 TermService - ok 19:19:26.0887 3640 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 19:19:26.0887 3640 Themes - ok 19:19:26.0918 3640 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 19:19:26.0918 3640 THREADORDER - ok 19:19:26.0949 3640 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 19:19:26.0949 3640 TrkWks - ok 19:19:26.0996 3640 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 19:19:26.0996 3640 TrustedInstaller - ok 19:19:27.0027 3640 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 19:19:27.0043 3640 tssecsrv - ok 19:19:27.0121 3640 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 19:19:27.0121 3640 TsUsbFlt - ok 19:19:27.0183 3640 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 19:19:27.0183 3640 tunnel - ok 19:19:27.0199 3640 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 19:19:27.0199 3640 uagp35 - ok 19:19:27.0277 3640 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 19:19:27.0277 3640 udfs - ok 19:19:27.0292 3640 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 19:19:27.0308 3640 UI0Detect - ok 19:19:27.0323 3640 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 19:19:27.0323 3640 uliagpkx - ok 19:19:27.0386 3640 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 19:19:27.0386 3640 umbus - ok 19:19:27.0401 3640 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 19:19:27.0401 3640 UmPass - ok 19:19:27.0448 3640 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 19:19:27.0448 3640 UmRdpService - ok 19:19:27.0557 3640 [ 9E89C2D6945389270DE067CE51FF7425 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 19:19:27.0620 3640 UNS - ok 19:19:27.0651 3640 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 19:19:27.0651 3640 upnphost - ok 19:19:27.0667 3640 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 19:19:27.0682 3640 usbccgp - ok 19:19:27.0745 3640 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 19:19:27.0745 3640 usbcir - ok 19:19:27.0760 3640 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 19:19:27.0760 3640 usbehci - ok 19:19:27.0838 3640 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 19:19:27.0838 3640 usbhub - ok 19:19:27.0854 3640 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 19:19:27.0869 3640 usbohci - ok 19:19:27.0869 3640 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 19:19:27.0869 3640 usbprint - ok 19:19:27.0916 3640 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 19:19:27.0916 3640 USBSTOR - ok 19:19:27.0932 3640 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 19:19:27.0932 3640 usbuhci - ok 19:19:27.0963 3640 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 19:19:27.0979 3640 usbvideo - ok 19:19:27.0979 3640 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 19:19:27.0979 3640 UxSms - ok 19:19:28.0010 3640 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 19:19:28.0010 3640 VaultSvc - ok 19:19:28.0057 3640 [ 20C2342A2B11545601FAB8A0C8026F6E ] vcsFPService C:\Windows\system32\vcsFPService.exe 19:19:28.0119 3640 vcsFPService - ok 19:19:28.0337 3640 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 19:19:28.0353 3640 vdrvroot - ok 19:19:28.0540 3640 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 19:19:28.0556 3640 vds - ok 19:19:28.0603 3640 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 19:19:28.0603 3640 vga - ok 19:19:28.0618 3640 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 19:19:28.0618 3640 VgaSave - ok 19:19:28.0649 3640 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 19:19:28.0649 3640 vhdmp - ok 19:19:28.0665 3640 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 19:19:28.0665 3640 viaide - ok 19:19:28.0727 3640 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 19:19:28.0743 3640 vmbus - ok 19:19:28.0759 3640 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 19:19:28.0759 3640 VMBusHID - ok 19:19:28.0774 3640 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 19:19:28.0774 3640 volmgr - ok 19:19:28.0805 3640 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 19:19:28.0805 3640 volmgrx - ok 19:19:28.0821 3640 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 19:19:28.0821 3640 volsnap - ok 19:19:28.0852 3640 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 19:19:28.0868 3640 vsmraid - ok 19:19:28.0930 3640 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 19:19:28.0961 3640 VSS - ok 19:19:28.0977 3640 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 19:19:28.0977 3640 vwifibus - ok 19:19:29.0008 3640 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 19:19:29.0024 3640 vwififlt - ok 19:19:29.0039 3640 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 19:19:29.0071 3640 W32Time - ok 19:19:29.0086 3640 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 19:19:29.0086 3640 WacomPen - ok 19:19:29.0195 3640 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 19:19:29.0211 3640 WANARP - ok 19:19:29.0227 3640 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 19:19:29.0227 3640 Wanarpv6 - ok 19:19:29.0554 3640 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 19:19:29.0570 3640 WatAdminSvc - ok 19:19:29.0632 3640 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 19:19:29.0663 3640 wbengine - ok 19:19:29.0710 3640 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 19:19:29.0710 3640 WbioSrvc - ok 19:19:29.0757 3640 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 19:19:29.0773 3640 wcncsvc - ok 19:19:29.0773 3640 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 19:19:29.0788 3640 WcsPlugInService - ok 19:19:29.0804 3640 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 19:19:29.0804 3640 Wd - ok 19:19:29.0835 3640 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 19:19:29.0851 3640 Wdf01000 - ok 19:19:29.0866 3640 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 19:19:29.0866 3640 WdiServiceHost - ok 19:19:29.0882 3640 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 19:19:29.0882 3640 WdiSystemHost - ok 19:19:29.0913 3640 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 19:19:29.0913 3640 WebClient - ok 19:19:29.0929 3640 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 19:19:29.0944 3640 Wecsvc - ok 19:19:29.0944 3640 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 19:19:29.0960 3640 wercplsupport - ok 19:19:29.0975 3640 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 19:19:29.0975 3640 WerSvc - ok 19:19:30.0022 3640 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 19:19:30.0022 3640 WfpLwf - ok 19:19:30.0038 3640 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 19:19:30.0038 3640 WIMMount - ok 19:19:30.0038 3640 WinDefend - ok 19:19:30.0053 3640 WinHttpAutoProxySvc - ok 19:19:30.0100 3640 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 19:19:30.0100 3640 Winmgmt - ok 19:19:30.0381 3640 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 19:19:30.0428 3640 WinRM - ok 19:19:30.0506 3640 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys 19:19:30.0506 3640 WinUSB - ok 19:19:30.0553 3640 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 19:19:30.0584 3640 Wlansvc - ok 19:19:30.0631 3640 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 19:19:30.0631 3640 wlcrasvc - ok 19:19:30.0740 3640 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 19:19:30.0771 3640 wlidsvc - ok 19:19:30.0833 3640 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE 19:19:30.0833 3640 wltrysvc - ok 19:19:30.0880 3640 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 19:19:30.0880 3640 WmiAcpi - ok 19:19:30.0911 3640 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 19:19:30.0927 3640 wmiApSrv - ok 19:19:30.0927 3640 WMPNetworkSvc - ok 19:19:31.0005 3640 [ 58540037A4A3EEEEFA47C84100E1694F ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe 19:19:31.0005 3640 WMZuneComm - ok 19:19:31.0052 3640 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 19:19:31.0052 3640 WPCSvc - ok 19:19:31.0145 3640 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 19:19:31.0145 3640 WPDBusEnum - ok 19:19:31.0192 3640 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 19:19:31.0192 3640 ws2ifsl - ok 19:19:31.0223 3640 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 19:19:31.0223 3640 wscsvc - ok 19:19:31.0270 3640 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 19:19:31.0270 3640 WSDPrintDevice - ok 19:19:31.0286 3640 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys 19:19:31.0301 3640 WSDScan - ok 19:19:31.0333 3640 WSearch - ok 19:19:31.0411 3640 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 19:19:31.0473 3640 wuauserv - ok 19:19:31.0504 3640 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 19:19:31.0504 3640 WudfPf - ok 19:19:31.0582 3640 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 19:19:31.0582 3640 WUDFRd - ok 19:19:31.0598 3640 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 19:19:31.0613 3640 wudfsvc - ok 19:19:31.0629 3640 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 19:19:31.0645 3640 WwanSvc - ok 19:19:31.0879 3640 [ D6EF205269C2A584AF6B56B9F95010F8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe 19:19:32.0050 3640 ZuneNetworkSvc - ok 19:19:32.0113 3640 [ 7A565AFE58F3822A9E622868E5CC0E5C ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe 19:19:32.0159 3640 ZuneWlanCfgSvc - ok 19:19:32.0269 3640 ================ Scan global =============================== 19:19:32.0362 3640 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 19:19:32.0518 3640 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:19:32.0534 3640 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll 19:19:32.0565 3640 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 19:19:32.0581 3640 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 19:19:32.0596 3640 [Global] - ok 19:19:32.0596 3640 ================ Scan MBR ================================== 19:19:32.0612 3640 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 19:19:32.0612 3640 Suspicious mbr (Forged): \Device\Harddisk0\DR0 19:19:32.0690 3640 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 19:19:32.0690 3640 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 19:19:32.0690 3640 ================ Scan VBR ================================== 19:19:32.0705 3640 [ 978F0E7C501D76ADD2D698B8EE3C15FD ] \Device\Harddisk0\DR0\Partition1 19:19:32.0705 3640 \Device\Harddisk0\DR0\Partition1 - ok 19:19:32.0721 3640 [ D6CF5658838A9DF62A912EC5E402094F ] \Device\Harddisk0\DR0\Partition2 19:19:32.0721 3640 \Device\Harddisk0\DR0\Partition2 - ok 19:19:32.0737 3640 ============================================================ 19:19:32.0737 3640 Scan finished 19:19:32.0737 3640 ============================================================ 19:19:32.0737 3948 Detected object count: 1 19:19:32.0737 3948 Actual detected object count: 1 19:20:01.0020 3948 \Device\Harddisk0\DR0\# - copied to quarantine 19:20:01.0020 3948 \Device\Harddisk0\DR0 - copied to quarantine 19:20:01.0191 3948 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 19:20:01.0191 3948 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 19:20:01.0222 3948 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 19:20:01.0238 3948 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 19:20:01.0238 3948 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 19:20:01.0238 3948 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 19:20:01.0238 3948 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 19:20:01.0254 3948 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 19:20:01.0254 3948 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 19:20:01.0254 3948 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 19:20:01.0254 3948 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 19:20:01.0254 3948 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 19:20:01.0300 3948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 19:20:01.0300 3948 \Device\Harddisk0\DR0 - ok 19:20:01.0347 3948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 19:20:06.0901 3064 Deinitialize success
  5. remymartini
    So I'm unable to complete combofix. I've attempted to run it 3 times now. The first time it was able to get past stage 30 before blue screening and doing a data dump. I booted in safe boot to run after that crash. The second crash happened within 4 minutes of starting combofix. Not sure what stage it stopped at. Computer rebooted, no blue screen. Booted back in safe boot, combofix crashed at stage 3. Blue screen data dump. Here is the windows error details: Problem signature: Problem Event Name: BlueScreen OS Version: 6.1.7601.2.1.0.256.48 Locale ID: 1033 Additional information about the problem: BCCode: 1e BCP1: FFFFFFFFC0000005 BCP2: FFFFFA8005F5BBB0 BCP3: 0000000000000000 BCP4: 000000007EFA8000 OS Version: 6_1_7601 Service Pack: 1_0 Product: 256_1 Files that help describe the problem: C:\Windows\Minidump\030613-19749-01.dmp C:\Users\Kate\AppData\Local\Temp\WER-90402-0.sysdata.xml Read our privacy statement online: http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409 If the online privacy statement is not available, please read our privacy statement offline: C:\Windows\system32\en-US\erofflps.txt Any suggestions? Thanks! -Rem
  6. remymartini
    RogueKiller: RogueKiller V8.5.2 [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Kate [Admin rights] Mode : Remove -- Date : 03/06/2013 00:34:18 | ARK || FAK || MBR | ¤¤¤ Bad processes : 2 ¤¤¤ [sUSP PATH] MusicManager.exe -- C:\Users\Kate\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [-] -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\\svchost.exe [x] -> KILLED [TermProc] ¤¤¤ Registry Entries : 7 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Kate\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") [-] -> DELETED [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2) [HJ] HKCU\[...]\Internet Settings : WarnonHTTPStoHTTPRedirect (0) -> REPLACED (1) [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500420AS +++++ --- User --- [MBR] fcf374f6d9865c196ab4efbb8f8ef93e [bSP] 6bceb32409dc15bb95f8cd87a37f382d : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12444 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25567232 | Size: 464452 Mo User != LL1 ... KO! --- LL1 --- [MBR] 6fba0bf39a0d3a3fdb0fcf4ebf966080 [bSP] 6bceb32409dc15bb95f8cd87a37f382d : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12444 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25567232 | Size: 464452 Mo User != LL2 ... KO! --- LL2 --- [MBR] 6fba0bf39a0d3a3fdb0fcf4ebf966080 [bSP] 6bceb32409dc15bb95f8cd87a37f382d : Windows Vista MBR Code Partition table: 1 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12444 Mo 3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25567232 | Size: 464452 Mo Finished : << RKreport[2]_D_03062013_02d0034.txt >> RKreport[1]_S_03062013_02d0032.txt ; RKreport[2]_D_03062013_02d0034.txt
  7. remymartini
    adwCleaner: # AdwCleaner v2.114 - Logfile created 03/06/2013 at 00:23:05 # Updated 05/03/2013 by Xplode # Operating system : Windows 7 Professional Service Pack 1 (64 bits) # User : Kate - KATE-PC # Boot Mode : Safe mode with networking # Running from : C:\Users\Kate\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\uTorrentBar Folder Deleted : C:\ProgramData\WeCareReminder Folder Deleted : C:\Users\Kate\AppData\Local\Conduit Folder Deleted : C:\Users\Kate\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Kate\AppData\LocalLow\uTorrentBar ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKCU\Software\StartNow Toolbar Key Deleted : HKCU\Software\wecarereminder Key Deleted : HKCU\Software\Zugo Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{FAA8C612-F1B6-461B-8B60-B54D74D9642E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ToolbarBroker.EXE Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{38BF9661-BDA0-4A74-BB3B-576EC7AE16DC} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE} Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr Key Deleted : HKLM\SOFTWARE\Classes\ZGClnt.Mngr.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKLM\Software\StartNow Toolbar Key Deleted : HKLM\Software\uTorrentBar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{5911488E-9D1E-40EC-8CBB-06B231CC153F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AA5239C8-65A3-4E65-9481-6E13C1EE3083} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EA220E8E-FC80-4FED-ABD8-79210F0E4435} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [startNowToolbarHelper] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{5911488E-9D1E-40EC-8CBB-06B231CC153F}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120911&user_guid=A5504F20262F4792B937F5D8DF89C6EB&machine_id=7591dca608c64d85b47424ee942facae&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source} --> hxxp://www.google.com -\\ Google Chrome v25.0.1364.97 File : C:\Users\Kate\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [392 octets] - [06/03/2013 00:22:35] AdwCleaner[s2].txt - [7845 octets] - [06/03/2013 00:23:05] ########## EOF - C:\AdwCleaner[s2].txt - [7905 octets] ##########
  8. remymartini
    checkup.txt: Results of screen317's Security Check version 0.99.60 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 Java 6 Update 29 Java version out of Date! Adobe Reader 10.0.1 Adobe Reader out of Date! Google Chrome 24.0.1312.57 Google Chrome 25.0.1364.97 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Microsoft Security Client Antimalware MsMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
  9. remymartini
    I'm helping my roommate clean up a virus she got on her machine. I greatly appreciate the help. Thank you so much. attach.txt dds.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.