Jump to content

Help me remove recurring Backdoor:Win32/Fynloski.A /Backdoor.Messa


Recommended Posts

Hi,

I've already downloaded Malwarebytes Anti-Malware and although it detects the trojan and prompts me to restart, the trojan keeps recurring in groups of 3 instances. I have already uninstalled utorrent and posted the log of the quick scan below:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.18.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

alex :: HOMESERVER [limited]

6/17/2012 11:13:42 PM

mbam-log-2012-06-17 (23-13-42).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 182014

Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Detected: 1

C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> 11388 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft® Windows® Operating System (Backdoor.Messa) -> Data: C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 1

C:\Users\alex\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 9

C:\$Recycle.Bin\S-1-5-21-3863715708-3900006494-3946961991-1009\$RNN7OX8.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

C:\Users\yuantaoli\AppData\Local\Temp\.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\dclogs\2012-06-11-2.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\dclogs\2012-06-12-3.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\dclogs\2012-06-13-4.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\dclogs\2012-06-14-5.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\dclogs\2012-06-15-6.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\dclogs\2012-06-16-7.dc (Stolen.Data) -> Quarantined and deleted successfully.

C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe (Backdoor.Messa) -> Delete on reboot.

(end)

Thanks in advance!

Link to post
Share on other sites

Hello Radiish and welcome to MalwareBytes forums.

Be very aware that backdoor trojans are very serious infections, and may well have exposed your personal information and data, any confidential data. Please advise as to what the main use of this system is, since data on the pc may well have been "lifted".

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

RIGHT-click the exe and select Run As Administrator to launch the program. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Step 6

RE-Enable your antivirus program. excl.png

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
eusa_hand.gifIf one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
Then copy/paste the following into your post (in order):
  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of GMER log;
  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

Link to post
Share on other sites

Here are the logs:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-06-18 22:16:44

-----------------------------

22:16:44.876 OS Version: Windows x64 6.1.7601 Service Pack 1

22:16:44.876 Number of processors: 8 586 0x2A07

22:16:44.876 ComputerName: HOMESERVER UserName: yuantaoli

22:16:45.454 Initialize success

22:16:59.650 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

22:16:59.651 Disk 0 Vendor: ST500LM0 2AR1 Size: 476940MB BusType: 3

22:16:59.685 Disk 0 MBR read successfully

22:16:59.687 Disk 0 MBR scan

22:16:59.688 Disk 0 Windows 7 default MBR code

22:16:59.692 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048

22:16:59.705 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848

22:16:59.716 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848

22:16:59.724 Disk 0 scanning C:\windows\system32\drivers

22:17:04.901 Service scanning

22:17:23.376 Modules scanning

22:17:23.381 Scan finished successfully

22:17:42.669 Disk 0 MBR has been saved successfully to "C:\Users\yuantaoli\Desktop\MBR.dat"

22:17:42.670 The log file has been saved successfully to "C:\Users\yuantaoli\Desktop\aswMBR.txt"

___________________________________________________

22:18:30.0763 6860 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

22:18:31.0048 6860 ============================================================

22:18:31.0048 6860 Current date / time: 2012/06/18 22:18:31.0048

22:18:31.0048 6860 SystemInfo:

22:18:31.0048 6860

22:18:31.0048 6860 OS Version: 6.1.7601 ServicePack: 1.0

22:18:31.0048 6860 Product type: Workstation

22:18:31.0048 6860 ComputerName: HOMESERVER

22:18:31.0048 6860 UserName: yuantaoli

22:18:31.0049 6860 Windows directory: C:\windows

22:18:31.0049 6860 System windows directory: C:\windows

22:18:31.0049 6860 Running under WOW64

22:18:31.0049 6860 Processor architecture: Intel x64

22:18:31.0049 6860 Number of processors: 8

22:18:31.0049 6860 Page size: 0x1000

22:18:31.0049 6860 Boot type: Normal boot

22:18:31.0049 6860 ============================================================

22:18:31.0404 6860 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:18:31.0408 6860 ============================================================

22:18:31.0408 6860 \Device\Harddisk0\DR0:

22:18:31.0410 6860 MBR partitions:

22:18:31.0410 6860 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

22:18:31.0410 6860 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030

22:18:31.0410 6860 ============================================================

22:18:31.0521 6860 C: <-> \Device\Harddisk0\DR0\Partition1

22:18:31.0521 6860 ============================================================

22:18:31.0521 6860 Initialize success

22:18:31.0521 6860 ============================================================

22:18:54.0326 10248 ============================================================

22:18:54.0326 10248 Scan started

22:18:54.0326 10248 Mode: Manual; SigCheck; TDLFS;

22:18:54.0326 10248 ============================================================

22:18:54.0614 10248 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

22:18:54.0659 10248 1394ohci - ok

22:18:54.0700 10248 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

22:18:54.0712 10248 ACPI - ok

22:18:54.0726 10248 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

22:18:54.0753 10248 AcpiPmi - ok

22:18:54.0866 10248 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

22:18:54.0875 10248 AdobeFlashPlayerUpdateSvc - ok

22:18:54.0920 10248 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

22:18:54.0935 10248 adp94xx - ok

22:18:54.0982 10248 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

22:18:54.0995 10248 adpahci - ok

22:18:55.0002 10248 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

22:18:55.0011 10248 adpu320 - ok

22:18:55.0043 10248 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

22:18:55.0090 10248 AeLookupSvc - ok

22:18:55.0193 10248 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe

22:18:55.0220 10248 AESTFilters - ok

22:18:55.0287 10248 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

22:18:55.0317 10248 AFD - ok

22:18:55.0379 10248 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

22:18:55.0387 10248 agp440 - ok

22:18:55.0433 10248 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

22:18:55.0477 10248 ALG - ok

22:18:55.0506 10248 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

22:18:55.0513 10248 aliide - ok

22:18:55.0516 10248 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

22:18:55.0523 10248 amdide - ok

22:18:55.0557 10248 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

22:18:55.0574 10248 AmdK8 - ok

22:18:55.0578 10248 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

22:18:55.0593 10248 AmdPPM - ok

22:18:55.0627 10248 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

22:18:55.0635 10248 amdsata - ok

22:18:55.0641 10248 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

22:18:55.0652 10248 amdsbs - ok

22:18:55.0664 10248 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

22:18:55.0671 10248 amdxata - ok

22:18:55.0724 10248 AMPPAL (3bc90482a834f998c3b7a9c934a20342) C:\windows\system32\DRIVERS\AMPPAL.sys

22:18:55.0766 10248 AMPPAL - ok

22:18:55.0769 10248 AMPPALP (3bc90482a834f998c3b7a9c934a20342) C:\windows\system32\DRIVERS\amppal.sys

22:18:55.0778 10248 AMPPALP - ok

22:18:55.0898 10248 AMPPALR3 (a47d7febd9381d34ddb4ff38b15a67fe) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

22:18:55.0922 10248 AMPPALR3 - ok

22:18:56.0073 10248 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys

22:18:56.0086 10248 ApfiltrService - ok

22:18:56.0143 10248 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

22:18:56.0208 10248 AppID - ok

22:18:56.0235 10248 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

22:18:56.0279 10248 AppIDSvc - ok

22:18:56.0299 10248 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

22:18:56.0339 10248 Appinfo - ok

22:18:56.0405 10248 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll

22:18:56.0455 10248 AppMgmt - ok

22:18:56.0489 10248 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

22:18:56.0497 10248 arc - ok

22:18:56.0508 10248 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

22:18:56.0517 10248 arcsas - ok

22:18:56.0639 10248 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

22:18:56.0645 10248 aspnet_state - ok

22:18:56.0684 10248 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

22:18:56.0724 10248 AsyncMac - ok

22:18:56.0768 10248 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

22:18:56.0775 10248 atapi - ok

22:18:56.0826 10248 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

22:18:56.0881 10248 AudioEndpointBuilder - ok

22:18:56.0886 10248 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

22:18:56.0917 10248 AudioSrv - ok

22:18:56.0953 10248 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

22:18:56.0988 10248 AxInstSV - ok

22:18:57.0059 10248 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

22:18:57.0106 10248 b06bdrv - ok

22:18:57.0143 10248 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

22:18:57.0170 10248 b57nd60a - ok

22:18:57.0321 10248 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

22:18:57.0331 10248 BBSvc - ok

22:18:57.0380 10248 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

22:18:57.0390 10248 BBUpdate - ok

22:18:57.0446 10248 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

22:18:57.0495 10248 BDESVC - ok

22:18:57.0533 10248 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

22:18:57.0578 10248 Beep - ok

22:18:57.0632 10248 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

22:18:57.0679 10248 BFE - ok

22:18:57.0730 10248 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll

22:18:57.0783 10248 BITS - ok

22:18:57.0846 10248 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

22:18:57.0868 10248 blbdrive - ok

22:18:58.0002 10248 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

22:18:58.0042 10248 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning

22:18:58.0042 10248 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)

22:18:58.0083 10248 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

22:18:58.0124 10248 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning

22:18:58.0124 10248 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)

22:18:58.0163 10248 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

22:18:58.0205 10248 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning

22:18:58.0205 10248 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)

22:18:58.0322 10248 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

22:18:58.0353 10248 bowser - ok

22:18:58.0398 10248 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

22:18:58.0427 10248 BrFiltLo - ok

22:18:58.0429 10248 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

22:18:58.0463 10248 BrFiltUp - ok

22:18:58.0523 10248 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

22:18:58.0566 10248 Browser - ok

22:18:58.0585 10248 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

22:18:58.0627 10248 Brserid - ok

22:18:58.0631 10248 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

22:18:58.0659 10248 BrSerWdm - ok

22:18:58.0687 10248 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

22:18:58.0711 10248 BrUsbMdm - ok

22:18:58.0719 10248 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

22:18:58.0743 10248 BrUsbSer - ok

22:18:58.0773 10248 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys

22:18:58.0794 10248 BthEnum - ok

22:18:58.0822 10248 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

22:18:58.0851 10248 BTHMODEM - ok

22:18:58.0885 10248 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys

22:18:58.0911 10248 BthPan - ok

22:18:58.0937 10248 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys

22:18:58.0952 10248 BTHPORT - ok

22:18:58.0994 10248 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

22:18:59.0020 10248 bthserv - ok

22:18:59.0094 10248 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

22:18:59.0102 10248 BTHSSecurityMgr - ok

22:18:59.0134 10248 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys

22:18:59.0165 10248 BTHUSB - ok

22:18:59.0198 10248 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\windows\system32\drivers\btmaud.sys

22:18:59.0216 10248 btmaudio - ok

22:18:59.0250 10248 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\windows\system32\DRIVERS\btmaux.sys

22:18:59.0273 10248 btmaux - ok

22:18:59.0312 10248 btmhsf (0b1cc2221dc5990e4557a78ce9afad4f) C:\windows\system32\DRIVERS\btmhsf.sys

22:18:59.0343 10248 btmhsf - ok

22:18:59.0401 10248 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

22:18:59.0445 10248 cdfs - ok

22:18:59.0491 10248 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

22:18:59.0514 10248 cdrom - ok

22:18:59.0565 10248 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

22:18:59.0607 10248 CertPropSvc - ok

22:18:59.0633 10248 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

22:18:59.0662 10248 circlass - ok

22:18:59.0697 10248 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

22:18:59.0710 10248 CLFS - ok

22:18:59.0798 10248 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

22:18:59.0805 10248 clr_optimization_v2.0.50727_32 - ok

22:18:59.0857 10248 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

22:18:59.0863 10248 clr_optimization_v2.0.50727_64 - ok

22:18:59.0947 10248 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

22:18:59.0954 10248 clr_optimization_v4.0.30319_32 - ok

22:18:59.0997 10248 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

22:19:00.0020 10248 clr_optimization_v4.0.30319_64 - ok

22:19:00.0064 10248 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

22:19:00.0087 10248 CmBatt - ok

22:19:00.0102 10248 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

22:19:00.0109 10248 cmdide - ok

22:19:00.0162 10248 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

22:19:00.0181 10248 CNG - ok

22:19:00.0229 10248 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

22:19:00.0236 10248 Compbatt - ok

22:19:00.0274 10248 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

22:19:00.0304 10248 CompositeBus - ok

22:19:00.0332 10248 COMSysApp - ok

22:19:00.0355 10248 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

22:19:00.0363 10248 crcdisk - ok

22:19:00.0389 10248 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

22:19:00.0400 10248 CryptSvc - ok

22:19:00.0461 10248 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys

22:19:00.0515 10248 CSC - ok

22:19:00.0574 10248 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll

22:19:00.0607 10248 CscService - ok

22:19:00.0678 10248 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\windows\system32\DRIVERS\CtClsFlt.sys

22:19:00.0703 10248 CtClsFlt - ok

22:19:00.0751 10248 dc3d (1ca90212a99db6975c344826d11055c9) C:\windows\system32\DRIVERS\dc3d.sys

22:19:00.0757 10248 dc3d - ok

22:19:00.0808 10248 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

22:19:00.0856 10248 DcomLaunch - ok

22:19:00.0905 10248 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

22:19:00.0952 10248 defragsvc - ok

22:19:01.0073 10248 DellDigitalDelivery (fc72d309e86e5caecbbbbc37f7be038d) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

22:19:01.0098 10248 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning

22:19:01.0098 10248 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)

22:19:01.0127 10248 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

22:19:01.0167 10248 DfsC - ok

22:19:01.0213 10248 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

22:19:01.0259 10248 Dhcp - ok

22:19:01.0280 10248 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

22:19:01.0320 10248 discache - ok

22:19:01.0361 10248 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

22:19:01.0368 10248 Disk - ok

22:19:01.0402 10248 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

22:19:01.0448 10248 Dnscache - ok

22:19:01.0456 10248 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

22:19:01.0498 10248 dot3svc - ok

22:19:01.0504 10248 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

22:19:01.0537 10248 DPS - ok

22:19:01.0626 10248 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

22:19:01.0653 10248 drmkaud - ok

22:19:01.0702 10248 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

22:19:01.0724 10248 DXGKrnl - ok

22:19:01.0761 10248 EagleX64 - ok

22:19:01.0801 10248 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

22:19:01.0844 10248 EapHost - ok

22:19:01.0943 10248 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

22:19:02.0001 10248 ebdrv - ok

22:19:02.0085 10248 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

22:19:02.0130 10248 EFS - ok

22:19:02.0199 10248 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

22:19:02.0250 10248 ehRecvr - ok

22:19:02.0317 10248 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

22:19:02.0347 10248 ehSched - ok

22:19:02.0441 10248 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

22:19:02.0457 10248 elxstor - ok

22:19:02.0461 10248 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

22:19:02.0491 10248 ErrDev - ok

22:19:02.0532 10248 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

22:19:02.0580 10248 EventSystem - ok

22:19:02.0728 10248 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

22:19:02.0751 10248 EvtEng - ok

22:19:02.0874 10248 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

22:19:02.0902 10248 exfat - ok

22:19:02.0918 10248 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

22:19:02.0957 10248 fastfat - ok

22:19:03.0020 10248 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

22:19:03.0073 10248 Fax - ok

22:19:03.0120 10248 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

22:19:03.0150 10248 fdc - ok

22:19:03.0181 10248 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

22:19:03.0227 10248 fdPHost - ok

22:19:03.0245 10248 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

22:19:03.0288 10248 FDResPub - ok

22:19:03.0316 10248 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

22:19:03.0324 10248 FileInfo - ok

22:19:03.0334 10248 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

22:19:03.0379 10248 Filetrace - ok

22:19:03.0412 10248 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

22:19:03.0420 10248 flpydisk - ok

22:19:03.0429 10248 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

22:19:03.0440 10248 FltMgr - ok

22:19:03.0484 10248 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

22:19:03.0540 10248 FontCache - ok

22:19:03.0634 10248 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

22:19:03.0640 10248 FontCache3.0.0.0 - ok

22:19:03.0701 10248 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

22:19:03.0709 10248 FsDepends - ok

22:19:03.0730 10248 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

22:19:03.0737 10248 Fs_Rec - ok

22:19:03.0777 10248 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

22:19:03.0790 10248 fvevol - ok

22:19:03.0826 10248 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

22:19:03.0834 10248 gagp30kx - ok

22:19:03.0876 10248 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

22:19:03.0911 10248 gpsvc - ok

22:19:03.0963 10248 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

22:19:04.0003 10248 hcw85cir - ok

22:19:04.0042 10248 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

22:19:04.0074 10248 HdAudAddService - ok

22:19:04.0113 10248 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

22:19:04.0145 10248 HDAudBus - ok

22:19:04.0148 10248 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

22:19:04.0159 10248 HidBatt - ok

22:19:04.0164 10248 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

22:19:04.0178 10248 HidBth - ok

22:19:04.0181 10248 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

22:19:04.0202 10248 HidIr - ok

22:19:04.0236 10248 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll

22:19:04.0276 10248 hidserv - ok

22:19:04.0332 10248 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

22:19:04.0341 10248 HidUsb - ok

22:19:04.0377 10248 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

22:19:04.0425 10248 hkmsvc - ok

22:19:04.0459 10248 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

22:19:04.0507 10248 HomeGroupListener - ok

22:19:04.0552 10248 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

22:19:04.0576 10248 HomeGroupProvider - ok

22:19:04.0602 10248 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

22:19:04.0610 10248 HpSAMD - ok

22:19:04.0648 10248 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

22:19:04.0682 10248 HTTP - ok

22:19:04.0695 10248 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

22:19:04.0703 10248 hwpolicy - ok

22:19:04.0736 10248 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

22:19:04.0744 10248 i8042prt - ok

22:19:04.0789 10248 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys

22:19:04.0801 10248 iaStor - ok

22:19:04.0919 10248 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

22:19:04.0925 10248 IAStorDataMgrSvc - ok

22:19:04.0965 10248 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

22:19:04.0979 10248 iaStorV - ok

22:19:05.0021 10248 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\windows\system32\DRIVERS\iBtFltCoex.sys

22:19:05.0045 10248 iBtFltCoex - ok

22:19:05.0166 10248 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

22:19:05.0182 10248 idsvc - ok

22:19:05.0453 10248 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys

22:19:05.0693 10248 igfx - ok

22:19:05.0816 10248 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

22:19:05.0824 10248 iirsp - ok

22:19:05.0861 10248 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

22:19:05.0912 10248 IKEEXT - ok

22:19:05.0966 10248 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys

22:19:05.0973 10248 intaud_WaveExtensible - ok

22:19:06.0028 10248 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

22:19:06.0056 10248 IntcDAud - ok

22:19:06.0093 10248 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

22:19:06.0100 10248 intelide - ok

22:19:06.0149 10248 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

22:19:06.0169 10248 intelppm - ok

22:19:06.0207 10248 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

22:19:06.0246 10248 IPBusEnum - ok

22:19:06.0250 10248 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

22:19:06.0289 10248 IpFilterDriver - ok

22:19:06.0317 10248 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

22:19:06.0372 10248 iphlpsvc - ok

22:19:06.0378 10248 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

22:19:06.0405 10248 IPMIDRV - ok

22:19:06.0441 10248 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

22:19:06.0482 10248 IPNAT - ok

22:19:06.0512 10248 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

22:19:06.0524 10248 IRENUM - ok

22:19:06.0542 10248 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

22:19:06.0549 10248 isapnp - ok

22:19:06.0575 10248 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

22:19:06.0586 10248 iScsiPrt - ok

22:19:06.0635 10248 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys

22:19:06.0641 10248 iwdbus - ok

22:19:06.0647 10248 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

22:19:06.0655 10248 kbdclass - ok

22:19:06.0680 10248 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys

22:19:06.0702 10248 kbdhid - ok

22:19:06.0744 10248 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:19:06.0752 10248 KeyIso - ok

22:19:06.0768 10248 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

22:19:06.0777 10248 KSecDD - ok

22:19:06.0792 10248 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

22:19:06.0802 10248 KSecPkg - ok

22:19:06.0826 10248 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

22:19:06.0873 10248 ksthunk - ok

22:19:06.0909 10248 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

22:19:06.0950 10248 KtmRm - ok

22:19:06.0995 10248 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll

22:19:07.0041 10248 LanmanServer - ok

22:19:07.0076 10248 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

22:19:07.0126 10248 LanmanWorkstation - ok

22:19:07.0170 10248 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

22:19:07.0214 10248 lltdio - ok

22:19:07.0255 10248 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

22:19:07.0303 10248 lltdsvc - ok

22:19:07.0320 10248 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

22:19:07.0346 10248 lmhosts - ok

22:19:07.0451 10248 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

22:19:07.0460 10248 LMS - ok

22:19:07.0499 10248 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

22:19:07.0508 10248 LSI_FC - ok

22:19:07.0547 10248 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

22:19:07.0556 10248 LSI_SAS - ok

22:19:07.0560 10248 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

22:19:07.0568 10248 LSI_SAS2 - ok

22:19:07.0573 10248 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

22:19:07.0582 10248 LSI_SCSI - ok

22:19:07.0599 10248 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

22:19:07.0645 10248 luafv - ok

22:19:07.0677 10248 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

22:19:07.0705 10248 Mcx2Svc - ok

22:19:07.0708 10248 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

22:19:07.0716 10248 megasas - ok

22:19:07.0735 10248 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

22:19:07.0746 10248 MegaSR - ok

22:19:07.0797 10248 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys

22:19:07.0803 10248 MEIx64 - ok

22:19:07.0893 10248 Microsoft SharePoint Workspace Audit Service - ok

22:19:07.0918 10248 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

22:19:07.0965 10248 MMCSS - ok

22:19:07.0986 10248 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

22:19:08.0035 10248 Modem - ok

22:19:08.0090 10248 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

22:19:08.0121 10248 monitor - ok

22:19:08.0180 10248 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

22:19:08.0188 10248 mouclass - ok

22:19:08.0229 10248 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

22:19:08.0255 10248 mouhid - ok

22:19:08.0311 10248 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

22:19:08.0319 10248 mountmgr - ok

22:19:08.0372 10248 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys

22:19:08.0383 10248 MpFilter - ok

22:19:08.0419 10248 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

22:19:08.0429 10248 mpio - ok

22:19:08.0444 10248 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

22:19:08.0470 10248 mpsdrv - ok

22:19:08.0510 10248 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

22:19:08.0564 10248 MpsSvc - ok

22:19:08.0588 10248 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

22:19:08.0615 10248 MRxDAV - ok

22:19:08.0646 10248 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

22:19:08.0667 10248 mrxsmb - ok

22:19:08.0675 10248 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

22:19:08.0686 10248 mrxsmb10 - ok

22:19:08.0691 10248 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

22:19:08.0700 10248 mrxsmb20 - ok

22:19:08.0710 10248 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys

22:19:08.0718 10248 msahci - ok

22:19:08.0731 10248 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

22:19:08.0741 10248 msdsm - ok

22:19:08.0766 10248 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

22:19:08.0794 10248 MSDTC - ok

22:19:08.0924 10248 MsDtsServer100 (7d0ac2859eeaccc5bd038b8cddcaff62) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe

22:19:08.0932 10248 MsDtsServer100 - ok

22:19:08.0951 10248 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

22:19:08.0977 10248 Msfs - ok

22:19:08.0992 10248 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

22:19:09.0032 10248 mshidkmdf - ok

22:19:09.0047 10248 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

22:19:09.0055 10248 msisadrv - ok

22:19:09.0114 10248 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

22:19:09.0142 10248 MSiSCSI - ok

22:19:09.0145 10248 msiserver - ok

22:19:09.0189 10248 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

22:19:09.0233 10248 MSKSSRV - ok

22:19:09.0332 10248 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe

22:19:09.0339 10248 MsMpSvc - ok

22:19:09.0353 10248 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

22:19:09.0394 10248 MSPCLOCK - ok

22:19:09.0408 10248 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

22:19:09.0433 10248 MSPQM - ok

22:19:09.0453 10248 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

22:19:09.0466 10248 MsRPC - ok

22:19:09.0506 10248 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

22:19:09.0514 10248 mssmbios - ok

22:19:09.0557 10248 MSSQLSERVER - ok

22:19:09.0629 10248 MSSQLServerADHelper100 (04ef36eaf5c4dbce424d81b76f1e9231) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

22:19:09.0635 10248 MSSQLServerADHelper100 - ok

22:19:09.0661 10248 MSSQLServerOLAPService - ok

22:19:09.0696 10248 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

22:19:09.0746 10248 MSTEE - ok

22:19:09.0764 10248 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

22:19:09.0785 10248 MTConfig - ok

22:19:09.0809 10248 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

22:19:09.0817 10248 Mup - ok

22:19:09.0903 10248 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

22:19:09.0913 10248 MyWiFiDHCPDNS - ok

22:19:09.0953 10248 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

22:19:10.0004 10248 napagent - ok

22:19:10.0044 10248 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

22:19:10.0078 10248 NativeWifiP - ok

22:19:10.0125 10248 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys

22:19:10.0147 10248 NDIS - ok

22:19:10.0192 10248 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

22:19:10.0218 10248 NdisCap - ok

22:19:10.0277 10248 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

22:19:10.0303 10248 NdisTapi - ok

22:19:10.0332 10248 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

22:19:10.0368 10248 Ndisuio - ok

22:19:10.0405 10248 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

22:19:10.0448 10248 NdisWan - ok

22:19:10.0469 10248 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

22:19:10.0495 10248 NDProxy - ok

22:19:10.0525 10248 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

22:19:10.0566 10248 NetBIOS - ok

22:19:10.0587 10248 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

22:19:10.0636 10248 NetBT - ok

22:19:10.0682 10248 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:19:10.0690 10248 Netlogon - ok

22:19:10.0753 10248 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

22:19:10.0800 10248 Netman - ok

22:19:10.0907 10248 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:19:10.0914 10248 NetMsmqActivator - ok

22:19:10.0937 10248 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:19:10.0944 10248 NetPipeActivator - ok

22:19:10.0986 10248 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

22:19:11.0034 10248 netprofm - ok

22:19:11.0036 10248 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:19:11.0043 10248 NetTcpActivator - ok

22:19:11.0045 10248 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:19:11.0052 10248 NetTcpPortSharing - ok

22:19:11.0280 10248 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\windows\system32\DRIVERS\NETwNs64.sys

22:19:11.0459 10248 NETwNs64 - ok

22:19:11.0586 10248 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

22:19:11.0594 10248 nfrd960 - ok

22:19:11.0651 10248 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys

22:19:11.0658 10248 NisDrv - ok

22:19:11.0731 10248 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe

22:19:11.0742 10248 NisSrv - ok

22:19:11.0786 10248 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

22:19:11.0836 10248 NlaSvc - ok

22:19:11.0983 10248 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

22:19:12.0021 10248 NOBU - ok

22:19:12.0115 10248 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

22:19:12.0142 10248 Npfs - ok

22:19:12.0169 10248 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

22:19:12.0215 10248 nsi - ok

22:19:12.0233 10248 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

22:19:12.0259 10248 nsiproxy - ok

22:19:12.0307 10248 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

22:19:12.0340 10248 Ntfs - ok

22:19:12.0440 10248 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

22:19:12.0486 10248 Null - ok

22:19:12.0518 10248 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

22:19:12.0527 10248 nvraid - ok

22:19:12.0554 10248 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

22:19:12.0563 10248 nvstor - ok

22:19:12.0580 10248 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

22:19:12.0589 10248 nv_agp - ok

22:19:12.0593 10248 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

22:19:12.0610 10248 ohci1394 - ok

22:19:12.0692 10248 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:19:12.0699 10248 ose - ok

22:19:12.0860 10248 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:19:12.0925 10248 osppsvc - ok

22:19:13.0045 10248 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

22:19:13.0089 10248 p2pimsvc - ok

22:19:13.0112 10248 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

22:19:13.0127 10248 p2psvc - ok

22:19:13.0174 10248 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

22:19:13.0183 10248 Parport - ok

22:19:13.0216 10248 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

22:19:13.0225 10248 partmgr - ok

22:19:13.0255 10248 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

22:19:13.0283 10248 PcaSvc - ok

22:19:13.0318 10248 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

22:19:13.0328 10248 pci - ok

22:19:13.0367 10248 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys

22:19:13.0375 10248 pciide - ok

22:19:13.0384 10248 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

22:19:13.0395 10248 pcmcia - ok

22:19:13.0410 10248 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

22:19:13.0418 10248 pcw - ok

22:19:13.0451 10248 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

22:19:13.0497 10248 PEAUTH - ok

22:19:13.0595 10248 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll

22:19:13.0655 10248 PeerDistSvc - ok

22:19:13.0713 10248 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

22:19:13.0736 10248 PerfHost - ok

22:19:13.0837 10248 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

22:19:13.0894 10248 pla - ok

22:19:13.0939 10248 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

22:19:13.0977 10248 PlugPlay - ok

22:19:14.0000 10248 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

22:19:14.0029 10248 PNRPAutoReg - ok

22:19:14.0066 10248 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

22:19:14.0077 10248 PNRPsvc - ok

22:19:14.0124 10248 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys

22:19:14.0130 10248 Point64 - ok

22:19:14.0168 10248 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

22:19:14.0213 10248 PolicyAgent - ok

22:19:14.0243 10248 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll

22:19:14.0289 10248 Power - ok

22:19:14.0350 10248 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

22:19:14.0389 10248 PptpMiniport - ok

22:19:14.0405 10248 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

22:19:14.0434 10248 Processor - ok

22:19:14.0482 10248 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

22:19:14.0531 10248 ProfSvc - ok

22:19:14.0553 10248 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:19:14.0561 10248 ProtectedStorage - ok

22:19:14.0601 10248 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

22:19:14.0645 10248 Psched - ok

22:19:14.0714 10248 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

22:19:14.0745 10248 ql2300 - ok

22:19:14.0833 10248 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

22:19:14.0842 10248 ql40xx - ok

22:19:14.0865 10248 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

22:19:14.0882 10248 QWAVE - ok

22:19:14.0895 10248 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

22:19:14.0923 10248 QWAVEdrv - ok

22:19:14.0943 10248 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

22:19:14.0989 10248 RasAcd - ok

22:19:15.0031 10248 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

22:19:15.0058 10248 RasAgileVpn - ok

22:19:15.0083 10248 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

22:19:15.0126 10248 RasAuto - ok

22:19:15.0161 10248 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

22:19:15.0208 10248 Rasl2tp - ok

22:19:15.0235 10248 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

22:19:15.0266 10248 RasMan - ok

22:19:15.0281 10248 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

22:19:15.0328 10248 RasPppoe - ok

22:19:15.0369 10248 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

22:19:15.0410 10248 RasSstp - ok

22:19:15.0431 10248 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys

22:19:15.0474 10248 rdbss - ok

22:19:15.0488 10248 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

22:19:15.0515 10248 rdpbus - ok

22:19:15.0531 10248 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

22:19:15.0574 10248 RDPCDD - ok

22:19:15.0621 10248 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys

22:19:15.0647 10248 RDPDR - ok

22:19:15.0687 10248 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

22:19:15.0729 10248 RDPENCDD - ok

22:19:15.0754 10248 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

22:19:15.0780 10248 RDPREFMP - ok

22:19:15.0841 10248 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\windows\system32\drivers\rdpvideominiport.sys

22:19:15.0885 10248 RdpVideoMiniport - ok

22:19:15.0917 10248 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys

22:19:15.0961 10248 RDPWD - ok

22:19:16.0000 10248 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys

22:19:16.0010 10248 rdyboost - ok

22:19:16.0130 10248 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

22:19:16.0146 10248 RegSrvc - ok

22:19:16.0175 10248 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll

22:19:16.0217 10248 RemoteAccess - ok

22:19:16.0256 10248 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll

22:19:16.0285 10248 RemoteRegistry - ok

22:19:16.0425 10248 ReportServer (499556b74a1022906de888fab0389bfa) C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

22:19:16.0457 10248 ReportServer - ok

22:19:16.0577 10248 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys

22:19:16.0601 10248 RFCOMM - ok

22:19:16.0629 10248 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll

22:19:16.0668 10248 RpcEptMapper - ok

22:19:16.0698 10248 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe

22:19:16.0708 10248 RpcLocator - ok

22:19:16.0727 10248 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

22:19:16.0756 10248 RpcSs - ok

22:19:16.0818 10248 RsFx0150 (eb1c539e621a35a49f7692b0eb565ab9) C:\windows\system32\DRIVERS\RsFx0150.sys

22:19:16.0829 10248 RsFx0150 - ok

22:19:16.0876 10248 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

22:19:16.0903 10248 rspndr - ok

22:19:16.0969 10248 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys

22:19:16.0980 10248 RSUSBSTOR - ok

22:19:17.0012 10248 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys

22:19:17.0026 10248 RTL8167 - ok

22:19:17.0050 10248 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:19:17.0058 10248 SamSs - ok

22:19:17.0090 10248 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys

22:19:17.0098 10248 sbp2port - ok

22:19:17.0119 10248 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll

22:19:17.0167 10248 SCardSvr - ok

22:19:17.0190 10248 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys

22:19:17.0235 10248 scfilter - ok

22:19:17.0275 10248 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll

22:19:17.0330 10248 Schedule - ok

22:19:17.0370 10248 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

22:19:17.0395 10248 SCPolicySvc - ok

22:19:17.0425 10248 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll

22:19:17.0465 10248 SDRSVC - ok

22:19:17.0536 10248 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

22:19:17.0580 10248 secdrv - ok

22:19:17.0604 10248 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll

22:19:17.0630 10248 seclogon - ok

22:19:17.0655 10248 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll

22:19:17.0694 10248 SENS - ok

22:19:17.0731 10248 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll

22:19:17.0786 10248 SensrSvc - ok

22:19:17.0836 10248 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys

22:19:17.0862 10248 Serenum - ok

22:19:17.0898 10248 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys

22:19:17.0931 10248 Serial - ok

22:19:17.0984 10248 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys

22:19:18.0007 10248 sermouse - ok

22:19:18.0068 10248 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll

22:19:18.0109 10248 SessionEnv - ok

22:19:18.0113 10248 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys

22:19:18.0144 10248 sffdisk - ok

22:19:18.0147 10248 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys

22:19:18.0174 10248 sffp_mmc - ok

22:19:18.0193 10248 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys

22:19:18.0222 10248 sffp_sd - ok

22:19:18.0273 10248 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys

22:19:18.0303 10248 sfloppy - ok

22:19:18.0419 10248 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

22:19:18.0444 10248 SftService - ok

22:19:18.0567 10248 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll

22:19:18.0598 10248 SharedAccess - ok

22:19:18.0656 10248 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll

22:19:18.0700 10248 ShellHWDetection - ok

22:19:18.0784 10248 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys

22:19:18.0792 10248 SiSRaid2 - ok

22:19:18.0797 10248 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys

22:19:18.0805 10248 SiSRaid4 - ok

22:19:18.0919 10248 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

22:19:18.0926 10248 SkypeUpdate - ok

22:19:18.0964 10248 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

22:19:19.0004 10248 Smb - ok

22:19:19.0058 10248 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe

22:19:19.0083 10248 SNMPTRAP - ok

22:19:19.0117 10248 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

22:19:19.0125 10248 spldr - ok

22:19:19.0147 10248 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe

22:19:19.0180 10248 Spooler - ok

22:19:19.0268 10248 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe

22:19:19.0387 10248 sppsvc - ok

22:19:19.0471 10248 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll

22:19:19.0499 10248 sppuinotify - ok

22:19:19.0612 10248 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

22:19:19.0620 10248 SQLBrowser - ok

22:19:19.0735 10248 SQLSERVERAGENT (70f05e8ece922c20e785a46224e12183) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE

22:19:19.0745 10248 SQLSERVERAGENT - ok

22:19:19.0808 10248 SQLWriter (f98ddfbfe0ee66d4c4b00693512b9527) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

22:19:19.0815 10248 SQLWriter - ok

22:19:19.0872 10248 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys

22:19:19.0906 10248 srv - ok

22:19:19.0917 10248 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys

22:19:19.0943 10248 srv2 - ok

22:19:19.0949 10248 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys

22:19:19.0958 10248 srvnet - ok

22:19:20.0010 10248 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll

22:19:20.0055 10248 SSDPSRV - ok

22:19:20.0060 10248 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll

22:19:20.0088 10248 SstpSvc - ok

22:19:20.0228 10248 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe

22:19:20.0238 10248 STacSV - ok

22:19:20.0258 10248 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys

22:19:20.0265 10248 stexstor - ok

22:19:20.0311 10248 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys

22:19:20.0346 10248 STHDA - ok

22:19:20.0406 10248 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll

22:19:20.0426 10248 stisvc - ok

22:19:20.0444 10248 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

22:19:20.0452 10248 swenum - ok

22:19:20.0487 10248 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll

22:19:20.0541 10248 swprv - ok

22:19:20.0569 10248 Synth3dVsc - ok

22:19:20.0638 10248 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll

22:19:20.0687 10248 SysMain - ok

22:19:20.0762 10248 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll

22:19:20.0793 10248 TabletInputService - ok

22:19:20.0805 10248 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll

22:19:20.0853 10248 TapiSrv - ok

22:19:20.0857 10248 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll

22:19:20.0884 10248 TBS - ok

22:19:20.0989 10248 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys

22:19:21.0026 10248 Tcpip - ok

22:19:21.0187 10248 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys

22:19:21.0216 10248 TCPIP6 - ok

22:19:21.0260 10248 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys

22:19:21.0301 10248 tcpipreg - ok

22:19:21.0305 10248 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

22:19:21.0325 10248 TDPIPE - ok

22:19:21.0356 10248 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys

22:19:21.0383 10248 TDTCP - ok

22:19:21.0406 10248 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys

22:19:21.0433 10248 tdx - ok

22:19:21.0449 10248 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys

22:19:21.0457 10248 TermDD - ok

22:19:21.0497 10248 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll

22:19:21.0548 10248 TermService - ok

22:19:21.0573 10248 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll

22:19:21.0586 10248 Themes - ok

22:19:21.0619 10248 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

22:19:21.0645 10248 THREADORDER - ok

22:19:21.0693 10248 tihub3 (68fe3d89829e27d4fd5eea7bd2c41985) C:\windows\system32\DRIVERS\tihub3.sys

22:19:21.0702 10248 tihub3 - ok

22:19:21.0739 10248 tixhci (0102c9633ce1f18a6ac021f28b734db5) C:\windows\system32\DRIVERS\tixhci.sys

22:19:21.0751 10248 tixhci - ok

22:19:21.0776 10248 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll

22:19:21.0826 10248 TrkWks - ok

22:19:21.0870 10248 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe

22:19:21.0915 10248 TrustedInstaller - ok

22:19:21.0949 10248 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys

22:19:21.0995 10248 tssecsrv - ok

22:19:22.0021 10248 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys

22:19:22.0043 10248 TsUsbFlt - ok

22:19:22.0046 10248 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys

22:19:22.0074 10248 TsUsbGD - ok

22:19:22.0076 10248 tsusbhub - ok

22:19:22.0107 10248 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys

22:19:22.0150 10248 tunnel - ok

22:19:22.0205 10248 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys

22:19:22.0211 10248 TurboB - ok

22:19:22.0270 10248 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

22:19:22.0278 10248 TurboBoost - ok

22:19:22.0302 10248 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys

22:19:22.0310 10248 uagp35 - ok

22:19:22.0320 10248 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys

22:19:22.0365 10248 udfs - ok

22:19:22.0403 10248 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe

22:19:22.0414 10248 UI0Detect - ok

22:19:22.0450 10248 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys

22:19:22.0458 10248 uliagpkx - ok

22:19:22.0502 10248 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys

22:19:22.0530 10248 umbus - ok

22:19:22.0549 10248 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys

22:19:22.0557 10248 UmPass - ok

22:19:22.0604 10248 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\windows\System32\umrdp.dll

22:19:22.0615 10248 UmRdpService - ok

22:19:22.0791 10248 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

22:19:22.0827 10248 UNS - ok

22:19:22.0908 10248 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll

22:19:22.0939 10248 upnphost - ok

22:19:23.0029 10248 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys

22:19:23.0053 10248 usbaudio - ok

22:19:23.0129 10248 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys

22:19:23.0181 10248 usbccgp - ok

22:19:23.0222 10248 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys

22:19:23.0234 10248 usbcir - ok

22:19:23.0242 10248 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys

22:19:23.0271 10248 usbehci - ok

22:19:23.0327 10248 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys

22:19:23.0354 10248 usbhub - ok

22:19:23.0389 10248 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys

22:19:23.0411 10248 usbohci - ok

22:19:23.0450 10248 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys

22:19:23.0479 10248 usbprint - ok

22:19:23.0515 10248 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS

22:19:23.0563 10248 USBSTOR - ok

22:19:23.0605 10248 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys

22:19:23.0635 10248 usbuhci - ok

22:19:23.0668 10248 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys

22:19:23.0680 10248 usbvideo - ok

22:19:23.0705 10248 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll

22:19:23.0754 10248 UxSms - ok

22:19:23.0794 10248 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

22:19:23.0803 10248 VaultSvc - ok

22:19:23.0848 10248 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys

22:19:23.0855 10248 vdrvroot - ok

22:19:23.0875 10248 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe

22:19:23.0921 10248 vds - ok

22:19:23.0957 10248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

22:19:23.0968 10248 vga - ok

22:19:23.0986 10248 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

22:19:24.0029 10248 VgaSave - ok

22:19:24.0052 10248 VGPU - ok

22:19:24.0060 10248 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys

22:19:24.0070 10248 vhdmp - ok

22:19:24.0102 10248 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys

22:19:24.0109 10248 viaide - ok

22:19:24.0157 10248 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys

22:19:24.0165 10248 volmgr - ok

22:19:24.0186 10248 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys

22:19:24.0199 10248 volmgrx - ok

22:19:24.0208 10248 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys

22:19:24.0220 10248 volsnap - ok

22:19:24.0280 10248 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys

22:19:24.0290 10248 vsmraid - ok

22:19:24.0439 10248 VSPerfDrv100 (ca64a8838b4674d14bdf88aba2f253ea) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

22:19:24.0446 10248 VSPerfDrv100 - ok

22:19:24.0509 10248 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe

22:19:24.0585 10248 VSS - ok

22:19:24.0689 10248 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

22:19:24.0715 10248 vwifibus - ok

22:19:24.0733 10248 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

22:19:24.0767 10248 vwififlt - ok

22:19:24.0793 10248 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

22:19:24.0825 10248 vwifimp - ok

22:19:24.0866 10248 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll

22:19:24.0918 10248 W32Time - ok

22:19:24.0957 10248 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys

22:19:24.0982 10248 WacomPen - ok

22:19:25.0020 10248 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

22:19:25.0064 10248 WANARP - ok

22:19:25.0066 10248 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys

22:19:25.0092 10248 Wanarpv6 - ok

22:19:25.0151 10248 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe

22:19:25.0178 10248 WatAdminSvc - ok

22:19:25.0235 10248 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe

22:19:25.0300 10248 wbengine - ok

22:19:25.0382 10248 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll

22:19:25.0397 10248 WbioSrvc - ok

22:19:25.0414 10248 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll

22:19:25.0443 10248 wcncsvc - ok

22:19:25.0467 10248 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll

22:19:25.0482 10248 WcsPlugInService - ok

22:19:25.0525 10248 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys

22:19:25.0533 10248 Wd - ok

22:19:25.0575 10248 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys

22:19:25.0594 10248 WDC_SAM - ok

22:19:25.0620 10248 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

22:19:25.0637 10248 Wdf01000 - ok

22:19:25.0660 10248 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

22:19:25.0697 10248 WdiServiceHost - ok

22:19:25.0699 10248 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll

22:19:25.0713 10248 WdiSystemHost - ok

22:19:25.0735 10248 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll

22:19:25.0772 10248 WebClient - ok

22:19:25.0780 10248 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll

22:19:25.0812 10248 Wecsvc - ok

22:19:25.0836 10248 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll

22:19:25.0864 10248 wercplsupport - ok

22:19:25.0903 10248 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll

22:19:25.0930 10248 WerSvc - ok

22:19:25.0997 10248 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

22:19:26.0023 10248 WfpLwf - ok

22:19:26.0079 10248 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys

22:19:26.0089 10248 WimFltr - ok

22:19:26.0108 10248 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

22:19:26.0115 10248 WIMMount - ok

22:19:26.0167 10248 WinDefend - ok

22:19:26.0191 10248 WinHttpAutoProxySvc - ok

22:19:26.0262 10248 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll

22:19:26.0291 10248 Winmgmt - ok

22:19:26.0359 10248 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll

22:19:26.0410 10248 WinRM - ok

22:19:26.0547 10248 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys

22:19:26.0575 10248 WinUsb - ok

22:19:26.0624 10248 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll

22:19:26.0666 10248 Wlansvc - ok

22:19:26.0757 10248 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

22:19:26.0763 10248 wlcrasvc - ok

22:19:26.0868 10248 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:19:26.0900 10248 wlidsvc - ok

22:19:27.0010 10248 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

22:19:27.0030 10248 WmiAcpi - ok

22:19:27.0098 10248 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe

22:19:27.0122 10248 wmiApSrv - ok

22:19:27.0171 10248 WMPNetworkSvc - ok

22:19:27.0247 10248 WMZuneComm (58540037a4a3eeeefa47c84100e1694f) C:\Program Files\Zune\WMZuneComm.exe

22:19:27.0258 10248 WMZuneComm - ok

22:19:27.0310 10248 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll

22:19:27.0333 10248 WPCSvc - ok

22:19:27.0343 10248 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll

22:19:27.0355 10248 WPDBusEnum - ok

22:19:27.0377 10248 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

22:19:27.0403 10248 ws2ifsl - ok

22:19:27.0415 10248 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll

22:19:27.0441 10248 wscsvc - ok

22:19:27.0444 10248 WSearch - ok

22:19:27.0534 10248 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll

22:19:27.0580 10248 wuauserv - ok

22:19:27.0667 10248 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys

22:19:27.0713 10248 WudfPf - ok

22:19:27.0746 10248 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys

22:19:27.0784 10248 WUDFRd - ok

22:19:27.0819 10248 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll

22:19:27.0846 10248 wudfsvc - ok

22:19:27.0859 10248 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll

22:19:27.0889 10248 WwanSvc - ok

22:19:28.0137 10248 ZuneNetworkSvc (d6ef205269c2a584af6b56b9f95010f8) C:\Program Files\Zune\ZuneNss.exe

22:19:28.0240 10248 ZuneNetworkSvc - ok

22:19:28.0323 10248 ZuneWlanCfgSvc (7a565afe58f3822a9e622868e5cc0e5c) C:\Program Files\Zune\ZuneWlanCfgSvc.exe

22:19:28.0335 10248 ZuneWlanCfgSvc - ok

22:19:28.0369 10248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

22:19:28.0630 10248 \Device\Harddisk0\DR0 - ok

22:19:28.0633 10248 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0

22:19:28.0633 10248 \Device\Harddisk0\DR0\Partition0 - ok

22:19:28.0666 10248 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1

22:19:28.0667 10248 \Device\Harddisk0\DR0\Partition1 - ok

22:19:28.0668 10248 ============================================================

22:19:28.0668 10248 Scan finished

22:19:28.0668 10248 ============================================================

22:19:28.0675 14112 Detected object count: 4

22:19:28.0675 14112 Actual detected object count: 4

22:20:13.0037 14112 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user

22:20:13.0037 14112 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:20:13.0037 14112 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user

22:20:13.0038 14112 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:20:13.0038 14112 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user

22:20:13.0038 14112 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:20:13.0039 14112 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user

22:20:13.0039 14112 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip

___________________________________________________

The GMER log was empty as it said that it did not find any system changes.

Link to post
Share on other sites

OTL logfile created on: 6/19/2012 8:50:19 PM - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\alex\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 62.21% Memory free

11.81 Gb Paging File | 9.10 Gb Available in Paging File | 76.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.01 Gb Total Space | 357.60 Gb Free Space | 79.29% Space Free | Partition Type: NTFS

Computer Name: HOMESERVER | User Name: yuantaoli | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/18 23:07:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\alex\Downloads\OTL.exe

PRC - [2012/06/11 15:11:43 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Users\alex\AppData\Roaming\Microsoft\Windows\Templates\sysglobl.exe

PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\alex\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe

PRC - [2012/04/10 00:31:48 | 000,166,912 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2011/05/19 03:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2011/04/13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\alex\AppData\Roaming\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/18 03:32:59 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\1cb5f5d54ef9b24b90a51b006181fe71\IAStorUtil.ni.dll

MOD - [2012/06/18 03:29:02 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/18 03:28:55 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/07 04:13:27 | 000,553,496 | ---- | M] () -- C:\Users\alex\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll

MOD - [2012/06/07 04:13:26 | 000,117,784 | ---- | M] () -- C:\Users\alex\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll

MOD - [2012/06/07 03:23:19 | 009,252,040 | ---- | M] () -- C:\Users\alex\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

MOD - [2012/05/10 21:26:16 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\367af7fc22650701edfa7e8ecadcb273\IAStorCommon.ni.dll

MOD - [2012/05/10 20:58:42 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/10 20:58:00 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/10 20:57:56 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/10 20:57:53 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/10 20:57:52 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/10 20:56:23 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2011/09/15 20:41:28 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2011/09/15 20:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/09/15 20:24:52 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2011/09/15 11:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel® Centrino® Wireless Bluetooth®

SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel®

SRV:64bit: - [2010/11/11 16:00:32 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)

SRV:64bit: - [2010/11/11 16:00:32 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)

SRV:64bit: - [2010/11/11 15:59:36 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)

SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012/04/27 11:27:20 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/04/10 00:31:48 | 000,166,912 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/09/18 04:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2011/09/15 11:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/09/15 11:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)

DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)

DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)

DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)

DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)

DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/11/20 23:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®

DRV:64bit: - [2010/04/03 10:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/05/02 17:16:19 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4:64bit: - HKLM..\RunOnce: [*Restore] C:\windows\SysNative\rstrui.exe (Microsoft Corporation) ??? <moderator highlight>

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)

O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)

O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds...ransferCtrl.cab (DLC Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E61C7727-9135-4FA6-A469-5E0F8D1A2667}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F10BFBDE-BDBA-4FB4-8492-A45048F6E38E}: DhcpNameServer = 192.168.0.141 12.127.16.67

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 22:21:48 | 000,000,000 | ---D | C] -- C:\ARK

[2012/06/18 22:12:09 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/06/18 22:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/06/18 22:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/06/18 03:00:47 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2012/06/18 03:00:47 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2012/06/18 03:00:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2012/06/18 03:00:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2012/06/18 03:00:45 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2012/06/18 03:00:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2012/06/18 03:00:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2012/06/18 03:00:45 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2012/06/18 03:00:43 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2012/06/18 03:00:43 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2012/06/18 03:00:43 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2012/06/18 03:00:42 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2012/06/18 03:00:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2012/06/18 01:30:59 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\jagexcache

[2012/06/18 01:30:12 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\Documents\EpicBot

[2012/06/17 23:14:22 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\Documents\Vindictus

[2012/06/17 22:54:32 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Roaming\Malwarebytes

[2012/06/17 22:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/06/17 22:53:32 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/06/17 22:53:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/06/17 22:17:34 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2012/06/17 22:17:34 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2012/06/17 22:16:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2012/06/17 22:16:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpwsx.dll

[2012/06/17 22:16:53 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdrmemptylst.exe

[2012/06/17 22:16:22 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe

[2012/06/17 22:16:21 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe

[2012/06/17 22:16:21 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe

[2012/06/17 22:16:02 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll

[2012/06/17 22:15:51 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

[2012/06/17 20:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft

[2012/06/17 20:02:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared

[2012/06/17 19:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GamesCampus

[2012/06/17 10:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield

[2012/06/14 03:38:21 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Local\Google

[2012/06/14 03:38:19 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Local\CRE

[2012/06/08 16:56:38 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll

[2012/06/08 16:56:37 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll

[2012/06/08 16:56:37 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe

[2012/06/08 16:56:27 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll

[2012/06/08 16:56:27 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll

[2012/06/08 16:56:27 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll

[2012/06/08 16:56:07 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll

[2012/06/08 16:56:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe

[2012/06/06 21:03:11 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Local\ElevatedDiagnostics

[2012/06/03 22:58:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/06/03 22:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle

[2012/06/03 22:58:14 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\npDeployJava1.dll

[2012/06/03 22:58:14 | 000,227,720 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe

[2012/06/03 22:58:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

[2012/06/03 22:58:02 | 000,174,024 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

[2012/06/03 22:57:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/05/25 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\yuantaoli\AppData\Roaming\LolClient2

========== Files - Modified Within 30 Days ==========

[2012/06/19 20:39:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/06/19 19:59:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863715708-3900006494-3946961991-1009UA.job

[2012/06/19 18:06:23 | 002,248,934 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/06/19 18:06:23 | 000,769,264 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/06/19 18:06:23 | 000,509,124 | ---- | M] () -- C:\windows\SysNative\prfh0404.dat

[2012/06/19 18:06:23 | 000,492,022 | ---- | M] () -- C:\windows\SysNative\prfh0804.dat

[2012/06/19 18:06:23 | 000,165,854 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/06/19 18:06:23 | 000,163,714 | ---- | M] () -- C:\windows\SysNative\prfc0804.dat

[2012/06/19 18:06:23 | 000,158,800 | ---- | M] () -- C:\windows\SysNative\prfc0404.dat

[2012/06/19 18:04:40 | 000,000,422 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job

[2012/06/19 18:04:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/06/18 22:17:42 | 000,000,512 | ---- | M] () -- C:\Users\yuantaoli\Desktop\MBR.dat

[2012/06/18 22:11:39 | 000,000,935 | ---- | M] () -- C:\Users\yuantaoli\Desktop\NTREGOPT.lnk

[2012/06/18 22:11:39 | 000,000,916 | ---- | M] () -- C:\Users\yuantaoli\Desktop\ERUNT.lnk

[2012/06/18 21:59:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3863715708-3900006494-3946961991-1009Core.job

[2012/06/18 17:22:52 | 000,026,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/18 17:22:52 | 000,026,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/18 17:12:24 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/18 03:27:09 | 000,418,664 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2012/06/18 01:30:59 | 000,000,048 | ---- | M] () -- C:\Users\yuantaoli\jagex_cl_runescape_LIVE.dat

[2012/06/17 22:53:39 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/06/03 22:57:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe

[2012/06/03 22:57:59 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe

[2012/06/02 18:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll

[2012/06/02 18:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe

[2012/06/02 18:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll

[2012/06/02 18:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll

[2012/06/02 18:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll

[2012/06/02 18:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll

[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll

[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe

========== Files Created - No Company Name ==========

[2012/06/18 22:17:42 | 000,000,512 | ---- | C] () -- C:\Users\yuantaoli\Desktop\MBR.dat

[2012/06/18 22:11:39 | 000,000,935 | ---- | C] () -- C:\Users\yuantaoli\Desktop\NTREGOPT.lnk

[2012/06/18 22:11:39 | 000,000,916 | ---- | C] () -- C:\Users\yuantaoli\Desktop\ERUNT.lnk

[2012/06/18 01:30:59 | 000,000,048 | ---- | C] () -- C:\Users\yuantaoli\jagex_cl_runescape_LIVE.dat

[2012/06/17 22:53:39 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/31 20:33:27 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012/01/31 20:33:27 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012/01/31 20:33:26 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[2012/01/31 20:33:26 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/01/31 20:33:25 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2012/01/31 19:07:28 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll

[2012/01/31 19:02:34 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll

[2011/11/16 16:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini

[2011/11/16 16:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini

[2011/11/16 16:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini

[2011/11/16 16:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini

[2011/11/16 16:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini

[2011/11/16 16:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini

[2011/11/16 16:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini

[2011/11/16 16:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini

[2011/11/16 15:25:01 | 002,291,324 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2011/05/31 02:39:50 | 000,058,368 | ---- | C] () -- C:\windows\SysWow64\bdmpegv.dll

[2011/05/31 02:38:18 | 000,015,360 | ---- | C] () -- C:\windows\SysWow64\bdmjpeg.dll

========== LOP Check ==========

[2012/05/10 23:57:04 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\Dropbox

[2012/04/13 22:55:17 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\Leadertech

[2012/05/18 12:49:38 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\LolClient

[2012/05/25 18:02:45 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\LolClient2

[2012/05/12 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\yuantaoli\AppData\Roaming\ooVoo Details

[2012/05/07 16:49:49 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

[2009/07/14 01:08:49 | 000,012,930 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

[2012/06/19 18:04:40 | 000,000,422 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/19/2012 8:50:19 PM - Run 1

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\alex\Downloads

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.91 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 62.21% Memory free

11.81 Gb Paging File | 9.10 Gb Available in Paging File | 76.98% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 451.01 Gb Total Space | 357.60 Gb Free Space | 79.29% Space Free | Partition Type: NTFS

Computer Name: HOMESERVER | User Name: yuantaoli | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1EDD092A-B2AC-4CA4-AD9A-B5C551D4E256}" = lport=57044 | protocol=6 | dir=in | name=pando media booster |

"{3C346DE0-5F39-492D-875A-02EFEFAB1E04}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{647F61C1-BD51-4328-B496-01DB7CC204D1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{89EA3FCA-040A-4FD3-B3FA-A5422E021A68}" = lport=57044 | protocol=6 | dir=in | name=pando media booster |

"{CE4B5B3B-2CE2-42EA-AAE7-6DA8155E80BB}" = lport=57044 | protocol=17 | dir=in | name=pando media booster |

"{D0D4CD9A-1A90-4E7C-B80E-773920D5A227}" = lport=57044 | protocol=17 | dir=in | name=pando media booster |

"{D28ADBA5-F423-40C0-8CE1-A6BFFBFAC6CB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03DCD9AD-1EFD-416A-9162-45811EC2C1F6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{0A02483D-EE21-4D34-A539-D2C29045E149}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{12653244-317A-4B8C-80E8-9B1B246F62E0}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{14A81F58-4A2B-4D50-A1F7-D19EEC628AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{1DAED06C-D67A-4644-BFDB-4FD5327C0598}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{20A3AAAA-E4D4-4385-B7B1-6ABA083DDFBA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{2392A503-7129-452A-A081-911F890EFC60}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{2E237CFF-76A4-4ABA-ACAD-88D001B20565}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |

"{31619217-BDBC-4572-A71D-A520CF454D01}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{3A3161F4-23ED-4145-9232-079E0233DC0D}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |

"{4B2903F2-AF0A-4234-ACC8-1771AB85EFF8}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |

"{4BAB8250-75AB-40FB-8669-2E57682B8504}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{591C19BA-7B95-4B13-B01D-C51B28F0687B}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{6CD49074-6A92-476B-BA69-EBC292B3A479}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{7144C8E2-4057-44BC-95C9-88FED728D28E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{7AEBB167-9306-4EE6-A1A9-5CDA815E9B6E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |

"{804F7894-9243-4E24-8D22-54C0F5B7E199}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |

"{8A3F1BAF-9510-401B-B01F-B09FD3719C8B}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |

"{915E5F8E-B18C-459F-9F60-05311467EAA3}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{B3C6CD17-3F0D-4722-AF2E-AF44856B20B5}" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |

"{B74F2D77-30A1-41DC-90AE-086BBB1AA96B}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{BCCB16CE-07E9-4B73-ADA9-DF0734F74AB4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{BD5A373B-71B1-4393-97D9-1CEE3264B622}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |

"{E1670D38-BE75-4829-8153-4372905CD06C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{E1F1EAF1-93F6-4A83-8772-37496A03FC0C}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{E5011B55-D104-40A6-B833-EEAEA15FA834}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{F9EDF161-3B0E-488E-9234-FD9AC6D98938}" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{03501815-C6CA-4D6F-A56A-973BB5E35D37}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"TCP Query User{78C76519-18D9-4B36-AC77-453AE19817E2}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"TCP Query User{C583ABEC-69F1-4D86-9FFF-0180EA037A9A}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{20778B9C-8ABA-4505-8F39-FEF1EBDB4C15}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |

"UDP Query User{38E794EF-D6D3-4E36-A5C7-514D4210A4FF}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |

"UDP Query User{4D2EA545-969F-47FD-B1F1-9CB09CFB3C0F}C:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center

"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)

"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)

"{0C270C59-8706-42B8-A2AD-6E5EE18BC90B}" = SQL Server 2008 R2 Reporting Services

"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool

"{1330309E-64D3-43F4-AA18-BC856182B5DB}" = SQL Server 2008 R2 BI Development Studio

"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)

"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)

"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 Common Files

"{2453DBC8-ACC4-4711-BD03-0C15353AA3D8}" = SQL Server 2008 R2 Reporting Services

"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java™ 7 Update 1 (64-bit)

"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel® PROSet/Wireless WiFi Software

"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component

"{2D2601B6-157F-4F88-B66B-B52DB21EAB2D}" = SQL Server 2008 R2 Client Tools

"{312E8540-0799-45D5-A02E-DFB8FCA93CCA}" = SQL Server 2008 R2 BI Development Studio

"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client

"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 Common Files

"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 Management Studio

"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English

"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)

"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)

"{6E2EE862-FEF9-408A-90BB-F5B4EC129C8E}" = SQL Server 2008 R2 Analysis Services

"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune

"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 Management Studio

"{7709926E-A1EA-43F1-ADD8-C066BDB97B54}" = SQL Server 2008 R2 Integration Services

"{79FB3E7E-FD92-49A9-AAD1-193EE4CB85D3}" = Microsoft SQL Server 2008 R2 Setup (English)

"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{81455DEB-FC7E-3EE5-85CA-2EBDD9FD61EB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer

"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 Database Engine Shared

"{A4E14A4D-EA7B-4914-9BBF-504401F3D4F7}" = SQL Server 2008 R2 Integration Services

"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files

"{B5FE23CC-0151-4595-84C3-F1DE6F44FE9B}" = SQL Server 2008 R2 Client Tools

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{BB57A765-FFFE-498B-8C1E-6C9CE2AB92BA}" = Microsoft SQL Server 2008 R2 RsFx Driver

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)

"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)

"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)

"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 Database Engine Shared

"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{D57519D3-2E37-3E34-94AF-4D59BFAB87E6}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1

"{EAEBF166-B06A-4D7F-BAF7-6615303D5C7C}" = Microsoft SQL Server 2008 R2 Management Objects (x64)

"{F01EC9B9-21B4-441E-958A-1E01098B03BE}" = SQL Server 2008 R2 Analysis Services

"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program

"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 Database Engine Services

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 Database Engine Services

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"Dell Support Center" = Dell Support Center

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1

"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

"Microsoft Security Client" = Microsoft Security Essentials

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)

"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)

"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"ProInst" = Intel PROSet Wireless

"WinRAR archiver" = WinRAR 4.20 beta 1 (64-bit)

"Zune" = Zune

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{05855322-BE43-41FE-B583-D3AE0C326D58}" = Microsoft Silverlight 4 SDK

"{09C52940-A4D1-4409-A7CC-1AAE630CF578}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0BE273CD-AAB9-361B-8C32-D955EAC929E3}" = Microsoft Visual Studio 2010 SharePoint Developer Tools

"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0

"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK

"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86

"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3612B0B9-F731-4B94-9356-E224AC552801}" = Dell Digital Delivery

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio

"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1

"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{74F7B314-0507-4F91-9A4E-B6C9B027E410}" = Microsoft SQL Server 2008 R2 Books Online

"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects

"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi

"{7A56D81D-6406-40E7-9184-8AC1769C4D69}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project

"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online

"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement

"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio

"{AC76BA86-2052-0000-7760-000000000005}" = Adobe Acrobat X Pro - ChineseS

"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU

"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU

"{BC537AE0-88AF-47ED-B762-33B0D62B5188}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework

"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}" = WCF RIA Services V1.0 SP1

"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage

"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"Dell Webcam Central" = Dell Webcam Central

"ERUNT_is1" = ERUNT 1.1j

"InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver

"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1

"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1

"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU

"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools

"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010

"ProInst" = Intel PROSet Wireless

"Vindictus" = Vindictus

"WinLiveSuite" = Windows Live Essentials

"ZinioReader4" = Zinio Reader 4

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1

Description = (8360) Asapi: (17:03:38:6630)(8360) PCDExceptionTranslator - Fatal

-- 206 Thread id: 11016 exception code: 3221356545 Structured Exception: Unknown

Structed Exception Stack Trace: stack trace functionality is not implemented for

64 bit.(end stack trace)

Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1

Description = (8360) Asapi: (17:03:38:6630)(8360) PCDExceptionTranslator - Fatal

-- 83 writeDumpFunc() minidump path: C:/ProgramData/PCDr/5803//logs/Pid_8360_11016_5.dmp

Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1

Description = (8360) Asapi: (17:03:38:9130)(8360) PCDExceptionTranslator - Fatal

-- 206 Thread id: 11016 exception code: 3221356545 Structured Exception: Unknown

Structed Exception Stack Trace: stack trace functionality is not implemented for

64 bit.(end stack trace)

Error - 5/2/2012 5:03:38 PM | Computer Name = HomeServer | Source = PC-Doctor | ID = 1

Description = (8360) Asapi: (17:03:38:9130)(8360) PCDExceptionTranslator - Fatal

-- 83 writeDumpFunc() minidump path: C:/ProgramData/PCDr/5803//logs/Pid_8360_11016_6.dmp

Error - 5/5/2012 10:43:43 AM | Computer Name = HomeServer | Source = Application Hang | ID = 1002

Description = The program CivilizationV_DX11.exe version 1.0.1.348 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 440c Start

Time: 01cd2acd37ee0f6b Termination Time: 10 Application Path: E:\Civilization V\CivilizationV_DX11.exe

Report

Id: 9f04c2df-96c0-11e1-b77b-4ceb4204a4b0

Error - 5/7/2012 10:09:59 AM | Computer Name = HomeServer | Source = Application Error | ID = 1000

Description = Faulting application name: DragonAge2.exe, version: 1.0.5174.0, time

stamp: 0x4d4b03e5 Faulting module name: PhysXCore.dll, version: 2.8.4.4, time stamp:

0x4cf3f39e Exception code: 0xc0000006 Fault offset: 0x0010a550 Faulting process id:

0x2f68 Faulting application start time: 0x01cd2c5af0b799ee Faulting application path:

E:\Dragon Age 2\bin_ship\DragonAge2.exe Faulting module path: E:\Dragon Age 2\bin_ship\PhysXCore.dll

Report

Id: 541153fa-984e-11e1-b77b-4ceb4204a4b0

Error - 5/7/2012 10:09:59 AM | Computer Name = HomeServer | Source = Application Error | ID = 1005

Description = Windows cannot access the file for one of the following reasons: there

is a problem with the network connection, the disk that the file is stored on,

or the storage drivers installed on this computer; or the disk is missing. Windows

closed the program Dragon Age II because of this error. Program: Dragon Age II File:

The error value is listed in the Additional Data section. User Action 1. Open the

file again. This situation might be a temporary problem that corrects itself when

the program runs again. 2. If the file still cannot be accessed and - It is on the

network, your network administrator should verify that there is not a problem with

the network and that the server can be contacted. - It is on a removable disk, for

example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the

computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,

click Start, click Run, type CMD, and then click OK. At the command prompt, type

CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from

a backup copy. 5. Determine whether other files on the same disk can be opened.

If not, the disk might be damaged. If it is a hard disk, contact your administrator

or computer hardware vendor for further assistance. Additional Data Error value: C000026E

Disk

type: 0

Error - 5/9/2012 5:13:05 PM | Computer Name = HomeServer | Source = Windows Search Service | ID = 3007

Description =

Error - 5/9/2012 7:34:06 PM | Computer Name = HomeServer | Source = Application Error | ID = 1000

Description = Faulting application name: STacSV64.exe, version: 1.0.6324.0, time

stamp: 0x4d3e867e Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec4aa8e Exception code: 0xc000000d Fault offset: 0x00000000000737e2 Faulting

process id: 0x2d0 Faulting application start time: 0x01cd266e09e8a664 Faulting application

path: C:\Program Files\IDT\WDM\STacSV64.exe Faulting module path: C:\windows\SYSTEM32\ntdll.dll

Report

Id: 77606d48-9a2f-11e1-b77b-4ceb4204a4b0

Error - 5/10/2012 8:55:37 PM | Computer Name = HomeServer | Source = WinMgmt | ID = 10

Description =

[ Dell Events ]

Error - 4/13/2012 11:15:43 PM | Computer Name = HomeServer | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 4/13/2012 11:15:43 PM | Computer Name = HomeServer | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 5/18/2012 9:29:54 AM | Computer Name = HomeServer | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 5/18/2012 9:29:54 AM | Computer Name = HomeServer | Source = Disk | ID = 262155

Description = The driver detected a controller error on \Device\Harddisk1\DR6.

Error - 5/23/2012 4:41:54 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the SQL

Server Integration Services 10.0 service to connect.

Error - 5/23/2012 4:41:54 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7000

Description = The SQL Server Integration Services 10.0 service failed to start due

to the following error: %%1053

Error - 5/23/2012 4:42:57 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the SQL

Server Reporting Services (MSSQLSERVER) service to connect.

Error - 5/23/2012 4:42:57 PM | Computer Name = HomeServer | Source = Service Control Manager | ID = 7000

Description = The SQL Server Reporting Services (MSSQLSERVER) service failed to

start due to the following error: %%1053

Error - 5/25/2012 10:44:35 AM | Computer Name = HomeServer | Source = DCOM | ID = 10010

Description =

Error - 5/31/2012 3:11:09 PM | Computer Name = HomeServer | Source = DCOM | ID = 10010

Description =

Error - 6/5/2012 12:55:41 PM | Computer Name = HomeServer | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.0.200

with the system having network hardware address 00-26-22-3A-B9-28. Network operations

on this system may be disrupted as a result.

Error - 6/8/2012 4:44:42 PM | Computer Name = HomeServer | Source = DCOM | ID = 10010

Description =

< End of report >

Results of screen317's Security Check version 0.99.24

Windows 7 x64 (UAC is enabled)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

JavaFX 2.1.0

Java™ 7 Update 4

Out of date Java installed!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Windows Defender MSMpEng.exe

Microsoft Security Essentials msseces.exe

``````````End of Log````````````

Link to post
Share on other sites

Be advised that Backdoor: Win32/Fynloski.A,

a.k.a.,

W32/Fynloski.Q (Norman)

BDS/Bancodor.A (Avira)

BackDoor.Comet.origin (Dr.Web)

Backdoor.Win32.Bancodor (Ikarus)

Backdoor.Badcodor (Symantec)

BKDR_COMDAR.SMI (Trend Micro)

is a severe infection and is a trojan that allows unauthorized access and control of an affected computer.

This system had some serious backdoor trojans, spyware, and likely, a rookit.

This is a point where you need to decide about whether to make a clean start. Advise me of your decison.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions. I would recommend that you do a full reformat and reinstall of Windows rather than clean the system.

I suggest that you backup important files and reinstall everything from scratch. There are so many changes that could have been done if that backdoor was used.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Rootkits: The Obscure Hacker Attack http://www.microsoft...tip/st1005.mspx

Help: I Got Hacked. Now What Do I Do? http://www.microsoft...gmt/sm0504.mspx

Help: I Got Hacked. Now What Do I Do? Part II http://www.microsoft...gmt/sm0704.mspx

Microsoft Says Recovery from Malware Becoming Impossible http://www.eweek.com...,1945808,00.asp

Link to post
Share on other sites

I believe that when I switch user accounts on my computer, the threat doesn't affect the other accounts? I malware scanned while on the other user accounts for my computer and no malicious threats came up. Am I safe to use these other accounts? I don't use this computer for any financial or important things, only gaming.

Link to post
Share on other sites

No, using different user accounts does not get around infections, since the malware can be in areas where it affects all users.

Bear in mind, again, if you do not reformat (wipe) the system and put on Windows fresh (new install) that you cannot consider this 100% trustworthy.

If you still want to try to remove malwares, then start with this. (it will be a long road and won't be quick. this is only a starter).

Turn off your antivirus so that it does not interfere.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Reply with copy & paste of MBAM scan log in a reply.

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Link to post
Share on other sites

Well, I did move all my stuff to an alternate user just in case and I deleted my old one. Now I did the scan from MalwareBytes. Nothing came up though. Here's the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.18.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Test :: HOMESERVER [limited]

6/26/2012 6:21:07 PM

mbam-log-2012-06-26 (18-21-07).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 360222

Time elapsed: 51 minute(s), 35 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Should I still continue to the next step? It was a full scan too.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.