Hello. I've seen other people post with this same problem, but the solution has varied by user.

I've picked up Trojan.Dropper.BCMiner from an infected site. When I went to the site, it automatically began downloading a PDF (I didn't click on anything). I tried to cancel the download, but the download showed completed in my Firefox Downloads window.

Because of the unprompted download, I ran MBAM, and it found the BCMiner trojan. MBAM finds it, quarantines it successfully, and prompts a reboot, but the trojan is still there on every restart -- MBAM finds it again.

After unsuccessful removal attempts w. MBAM, I ran Trend Micro's HouseCall, which also found the Trojan and also prompted a reboot to finish "fixing" the infection. But after reboot, the Trojan is still there and detectable by both HC and MBAM.

It's causing system slowdown, redirecting links in search results to spam/advertising sites, and opening new browser windows to spam/ad sites when I first launch my browsers.

Please help. I'm over my head here and don't run anything like Combofix or Farbar without instructions. The DDS.txt and Attach.txt logs are below. I can also post my MBAM logs if needed. Any help is very much appreciated.

-------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31

Run by v at 13:37:15 on 2012-06-19

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4816 [GMT -7:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.nytimes.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

uRun: [Google Update] "C:\Users\v\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe" -autorun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: alohaenterprise.com\nextstudent

Trusted Zone: nextstudent.com\exchange

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 10.10.1.77 10.10.1.83

TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\140707C65602E4564777F627B602564693632693 : DhcpNameServer = 10.0.1.1

TCP: Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}\14E64627F696461405 : DhcpNameServer = 192.168.43.1

TCP: Interfaces\{77690690-0FDD-488C-A672-5196682B4345} : DhcpNameServer = 10.10.1.77 10.10.1.83

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe

mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\v\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2010-12-29 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-12-29 13336]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-29 689472]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-29 2320920]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 129976]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

.

=============== Created Last 30 ================

.

2012-06-19 15:53:34 21520 ----a-w- C:\Windows\DCEBoot64.exe

2012-06-19 15:53:32 129024 ----a-w- C:\Windows\RegBootClean64.exe

2012-06-19 11:12:28 -------- d-----w- C:\Program Files (x86)\Kaspersky

2012-06-19 09:42:39 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-06-16 04:18:10 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04148417-5380-469B-A127-3C937C84097A}\mpengine.dll

2012-06-16 04:13:09 -------- d-----w- C:\Users\v\AppData\Local\Macromedia

2012-05-29 02:01:45 -------- d-----w- C:\Users\v\.swt

2012-05-29 02:01:08 -------- d-----w- C:\Users\v\AppData\Local\CRE

2012-05-29 02:00:59 -------- d-----w- C:\Program Files (x86)\Conduit

2012-05-29 02:00:58 -------- d-----w- C:\Users\v\AppData\Local\Conduit

.

==================== Find3M ====================

.

2012-06-16 04:11:34 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-16 04:11:34 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 18:01:19 60336 ----a-w- C:\Users\v\g2mdlhlpx.exe

2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll

2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-04-21 02:51:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-20 06:22:18 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2012-04-20 05:05:47 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2012-04-20 05:00:31 482816 ----a-w- C:\Windows\System32\html.iec

2012-04-20 04:15:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-20 03:58:07 386048 ----a-w- C:\Windows\SysWow64\html.iec

2012-04-20 03:24:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-02 03:01:19 3143680 ----a-w- C:\Windows\System32\win32k.sys

2012-03-31 22:01:36 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2012-03-31 05:52:37 5473136 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-31 04:43:25 3970928 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:43:25 3915632 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-30 11:09:53 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 13:37:27.90 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/22/2011 11:58:55 PM

System Uptime: 6/19/2012 12:16:25 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0G62V9

Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | CPU 1 | 2528/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 468.842 GiB free.

D: is CDROM ()

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP142: 5/24/2012 8:34:21 AM - Windows Update

RP143: 5/26/2012 8:51:52 AM - Windows Update

RP144: 5/29/2012 8:48:52 PM - Windows Update

RP145: 6/2/2012 11:03:11 AM - Windows Update

RP146: 6/6/2012 7:09:03 AM - Windows Update

RP147: 6/12/2012 8:21:07 PM - Windows Update

RP148: 6/14/2012 8:01:39 AM - Windows Update

RP149: 6/15/2012 9:16:25 PM - Windows Update

.

==== Installed Programs ======================

.

Across Lite

Adobe Flash Player 11 Plugin

Adobe Reader 9.1

Advanced Audio FX Engine

Apple Application Support

Apple Software Update

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

Consumer In-Home Service Agreement

Cozi

DAEMON Tools Lite

dBpoweramp Music Converter

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Support Center (Support Software)

Dell Webcam Central

Google Chrome

GoToAssist 8.0.0.514

GoToMeeting 5.3.0.970

GPL Ghostscript Lite 8.70

IDT Audio

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Live! Cam Avatar Creator

LoJack Factory Installer

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Office Professional Edition 2003

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

QuickTime

Realtek USB 2.0 Card Reader

Rosetta Stone Version 3

Roxio Burn

Security Update for CAPICOM (KB931906)

Skype Toolbars

Skype™ 4.2

VLC media player 1.1.11

Vuze

WebEx

WildTangent Games

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

6/19/2012 9:40:10 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

6/19/2012 9:40:10 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

6/19/2012 9:38:01 AM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

6/19/2012 9:38:00 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

6/19/2012 9:37:58 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

6/19/2012 9:37:58 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/19/2012 2:06:10 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

6/17/2012 8:48:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AESTFilters service.

.

==== End Of File ===========================


Hello suchek! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Please uninstall Vuze, because of our rules:

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Hello, Maniac. Thank you so much for your quick reply. I've been reading through all the help you've been able to provide other users w. this same BCMiner problem. Many thank yous for donating your time and expertise to help people like me who can't do this on our own.

1. I've uninstalled Vuze. I didn't reboot after uninstall; let me know if I need to.

2. OTL text logs are pasted below.

-------------------------------------------------------

OTL logfile created on: 6/19/2012 3:49:20 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\v\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 78.61% Memory free

11.73 Gb Paging File | 10.18 Gb Available in Paging File | 86.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.42 Gb Total Space | 468.85 Gb Free Space | 80.64% Space Free | Partition Type: NTFS

Drive E: | 3.73 Gb Total Space | 3.52 Gb Free Space | 94.42% Space Free | Partition Type: FAT32

Computer Name: V-PC | User Name: v | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/19 15:37:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe

PRC - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe

PRC - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

PRC - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/06/08 09:49:26 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2009/07/13 18:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE

PRC - [2009/06/24 15:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

PRC - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/19 02:09:14 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll

MOD - [2012/06/19 02:09:09 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll

MOD - [2012/06/15 21:19:46 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\675c8bd801698993255d100c3b350d4b\System.Web.Services.ni.dll

MOD - [2012/05/20 13:33:16 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll

MOD - [2012/05/20 13:33:15 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\58399afa523adfa71b5381d4f86084c8\IAStorUtil.ni.dll

MOD - [2012/05/20 12:01:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll

MOD - [2012/05/20 12:00:55 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll

MOD - [2012/05/20 12:00:49 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll

MOD - [2012/05/20 12:00:45 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll

MOD - [2012/05/20 12:00:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll

MOD - [2012/05/20 12:00:34 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll

MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2010/08/11 17:19:34 | 000,077,024 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

MOD - [2010/08/11 17:19:32 | 000,109,792 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

MOD - [2010/08/11 17:19:32 | 000,072,928 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

MOD - [2010/08/11 17:19:30 | 000,232,672 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

MOD - [2010/08/11 17:19:30 | 000,126,176 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

MOD - [2010/08/11 17:19:30 | 000,119,008 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

MOD - [2010/08/11 17:19:26 | 001,121,504 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll

MOD - [2010/08/11 17:19:16 | 000,781,536 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

MOD - [2010/02/09 12:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2010/02/09 12:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll

MOD - [2010/02/09 12:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2010/02/09 12:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll

MOD - [2010/02/09 12:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll

MOD - [2010/02/09 12:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll

MOD - [2009/10/15 02:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2009/07/13 18:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/17 22:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)

SRV:64bit: - [2010/06/01 23:30:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2010/02/02 21:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2009/12/29 13:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/11/02 11:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)

SRV - [2012/05/05 00:20:22 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/03/31 14:53:33 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/12/29 18:35:35 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2010/08/20 16:53:08 | 000,689,472 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)

SRV - [2010/06/08 09:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2010/03/03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/05 17:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/05/21 07:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/31 15:01:36 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)

DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2010/06/17 22:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)

DRV:64bit: - [2010/06/08 09:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2010/06/01 23:50:28 | 006,857,728 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/06/01 22:42:48 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/05/12 01:37:32 | 000,107,912 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2010/05/12 01:37:32 | 000,027,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2010/03/30 12:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/03/30 12:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2010/03/30 12:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/03/30 12:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2010/03/30 12:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/03/17 14:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/03/17 14:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/03/17 14:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [2010/02/02 21:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2010/02/02 21:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)

DRV:64bit: - [2010/02/02 21:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/11/02 11:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2009/09/17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)

DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.nytimes.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\v\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\v\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 00:20:22 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/24 19:15:50 | 000,000,000 | ---D | M]

[2011/05/01 21:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v\AppData\Roaming\Mozilla\Extensions

[2012/05/28 19:09:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\extensions

[2012/05/05 00:20:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/05/05 00:20:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011/12/08 10:11:04 | 000,176,952 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll

[2012/04/20 19:51:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2012/04/20 19:36:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/04/20 19:36:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\v\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\v\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\v\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\v\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll

CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O4:64bit: - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)

O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2731273616-2889505413-518904877-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)

O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..Trusted Domains: alohaenterprise.com ([nextstudent] http in Trusted sites)

O15 - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..Trusted Domains: nextstudent.com ([exchange] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60DC434B-7369-4C0B-AA1A-DBA2FA0F87E9}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77690690-0FDD-488C-A672-5196682B4345}: DhcpNameServer = 10.10.1.77 10.10.1.83

O18:64bit: - Protocol\Handler\cozi - No CLSID value found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (MACHINE BootExecut)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/19 15:48:24 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe

[2012/06/19 13:15:05 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\v\Desktop\dds.scr

[2012/06/19 04:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky

[2012/06/19 02:42:39 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/06/15 21:13:09 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Macromedia

[2012/05/28 19:01:45 | 000,000,000 | ---D | C] -- C:\Users\v\.swt

[2012/05/28 19:01:08 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\CRE

[2012/05/28 19:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit

[2012/05/28 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Conduit

========== Files - Modified Within 30 Days ==========

[2012/06/19 15:43:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/19 15:37:16 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\v\Desktop\OTL.exe

[2012/06/19 15:13:10 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000UA.job

[2012/06/19 13:16:15 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/19 13:16:15 | 000,618,264 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/19 13:16:15 | 000,104,546 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/19 13:01:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\v\Desktop\dds.scr

[2012/06/19 12:57:43 | 000,000,840 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000Core.job

[2012/06/19 10:22:01 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/19 10:22:01 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/19 09:37:49 | 428,879,871 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/19 08:54:59 | 000,001,058 | ---- | M] () -- C:\Windows\DCEBOOT.RST

[2012/06/19 08:53:55 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe

[2012/06/19 08:53:41 | 000,021,520 | ---- | M] () -- C:\Windows\DCEBoot64.exe

[2012/06/19 08:28:48 | 006,134,495 | ---- | M] () -- C:\Users\v\AppData\Local\census.cache

[2012/06/19 08:24:39 | 000,097,048 | ---- | M] () -- C:\Users\v\AppData\Local\ars.cache

[2012/06/18 21:47:45 | 000,197,252 | ---- | M] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2147.jpg

[2012/06/18 20:36:26 | 000,183,977 | ---- | M] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2036.jpg

[2012/06/13 09:08:24 | 000,000,407 | ---- | M] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-13_-_bad_emails_fixed_results0.csv

[2012/06/13 09:03:56 | 000,002,745 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13 - bad emails fixed.csv

[2012/06/13 08:42:55 | 000,214,329 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13_results.csv

[2012/06/12 23:30:51 | 000,032,562 | ---- | M] () -- C:\Users\v\Documents\Af231b163-4fda-4423-9f71-efd89fa1f46c.pdf

[2012/06/09 15:09:52 | 000,009,501 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 35 - dupe updates.csv

[2012/06/09 02:01:44 | 000,048,306 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_35_06092012.csv

[2012/06/09 01:39:14 | 000,007,004 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 34 - dupe updates.csv

[2012/06/09 00:48:43 | 000,050,811 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_34_06092012.csv

[2012/06/09 00:37:55 | 000,005,107 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 33 - dupe updates.csv

[2012/06/08 21:49:14 | 000,051,170 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_33_06082012.csv

[2012/06/08 21:34:45 | 000,000,164 | ---- | M] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-05_Group_32_-_dupe_updates_results0.csv

[2012/06/08 21:30:57 | 000,003,453 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 32 - dupe updates.csv

[2012/06/08 20:46:52 | 000,051,919 | ---- | M] () -- C:\Users\v\Documents\export_2102-06-05_Import_-_Group_32_06082012.csv

[2012/06/08 13:01:01 | 000,870,540 | ---- | M] () -- C:\Users\v\Documents\ET Export Results - thru 2012-06-08.zip

[2012/06/08 12:51:54 | 000,003,708 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 29 - dupe updates.csv

[2012/06/08 12:24:42 | 000,038,987 | ---- | M] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_29_06082012.csv

[2012/06/06 11:01:19 | 000,060,336 | ---- | M] () -- C:\Users\v\g2mdlhlpx.exe

[2012/06/05 10:31:19 | 000,001,577 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05 - bad emails fixed.csv

[2012/06/05 10:08:28 | 000,063,605 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_results.csv

[2012/06/03 22:58:11 | 000,009,222 | ---- | M] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-05-31_results.csv

[2012/05/26 16:41:54 | 000,737,319 | ---- | M] () -- C:\Users\v\Documents\found beagle - Speedway Kolb - 2012-05-26.jpg

[2012/05/21 11:52:17 | 000,363,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/06/19 10:19:01 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@

[2012/06/19 08:55:28 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@

[2012/06/19 08:55:28 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@

[2012/06/19 08:55:27 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@

[2012/06/19 08:55:27 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@

[2012/06/19 08:54:59 | 000,001,058 | ---- | C] () -- C:\Windows\DCEBOOT.RST

[2012/06/19 08:53:34 | 000,021,520 | ---- | C] () -- C:\Windows\DCEBoot64.exe

[2012/06/19 08:53:32 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe

[2012/06/19 02:31:32 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@

[2012/06/19 02:30:56 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@

[2012/06/18 21:47:45 | 000,197,252 | ---- | C] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2147.jpg

[2012/06/18 20:36:26 | 000,183,977 | ---- | C] () -- C:\Users\v\Documents\Remarket landing page screenshot - 2012-06-18_2036.jpg

[2012/06/13 09:08:26 | 000,000,407 | ---- | C] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-13_-_bad_emails_fixed_results0.csv

[2012/06/13 09:03:47 | 000,002,745 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13 - bad emails fixed.csv

[2012/06/13 08:42:54 | 000,214,329 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-13_results.csv

[2012/06/12 23:30:51 | 000,032,562 | ---- | C] () -- C:\Users\v\Documents\Af231b163-4fda-4423-9f71-efd89fa1f46c.pdf

[2012/06/09 14:35:05 | 000,009,501 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 35 - dupe updates.csv

[2012/06/09 02:01:43 | 000,048,306 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_35_06092012.csv

[2012/06/09 00:48:43 | 000,050,811 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_34_06092012.csv

[2012/06/09 00:48:28 | 000,007,004 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 34 - dupe updates.csv

[2012/06/08 21:58:34 | 000,005,107 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 33 - dupe updates.csv

[2012/06/08 21:49:14 | 000,051,170 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_33_06082012.csv

[2012/06/08 21:34:47 | 000,000,164 | ---- | C] () -- C:\Users\v\Documents\NS_FFELP_Consol_import_list_-_2012-06-05_Group_32_-_dupe_updates_results0.csv

[2012/06/08 20:46:52 | 000,051,919 | ---- | C] () -- C:\Users\v\Documents\export_2102-06-05_Import_-_Group_32_06082012.csv

[2012/06/08 20:35:41 | 000,003,453 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 32 - dupe updates.csv

[2012/06/08 13:01:00 | 000,870,540 | ---- | C] () -- C:\Users\v\Documents\ET Export Results - thru 2012-06-08.zip

[2012/06/08 12:24:42 | 000,038,987 | ---- | C] () -- C:\Users\v\Documents\export_2012-06-05_Import_-_Group_29_06082012.csv

[2012/06/08 12:15:58 | 000,003,708 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_Group 29 - dupe updates.csv

[2012/06/05 10:31:13 | 000,001,577 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05 - bad emails fixed.csv

[2012/06/05 10:08:28 | 000,063,605 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-06-05_results.csv

[2012/06/03 22:58:34 | 000,009,222 | ---- | C] () -- C:\Users\v\Documents\NS FFELP Consol import list - 2012-05-31_results.csv

[2012/05/26 16:41:54 | 000,737,319 | ---- | C] () -- C:\Users\v\Documents\found beagle - Speedway Kolb - 2012-05-26.jpg

[2012/02/27 22:59:32 | 000,157,184 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2012/01/23 20:48:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@

[2012/01/23 20:48:15 | 000,002,048 | -HS- | C] () -- C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@

[2011/11/10 21:12:06 | 006,134,495 | ---- | C] () -- C:\Users\v\AppData\Local\census.cache

[2011/11/10 21:08:46 | 000,097,048 | ---- | C] () -- C:\Users\v\AppData\Local\ars.cache

[2011/05/13 20:12:42 | 000,000,016 | ---- | C] () -- C:\Windows\popcinfo.dat

[2011/05/08 15:25:43 | 006,904,040 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe

[2011/05/08 15:25:43 | 000,017,857 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

[2011/05/07 13:09:43 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/07 11:50:07 | 000,000,036 | ---- | C] () -- C:\Users\v\AppData\Local\housecall.guid.cache

[2011/05/01 21:01:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2011/01/22 12:56:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2010/12/29 19:21:44 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2010/12/29 19:18:46 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini

[2010/12/29 19:18:46 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini

[2010/12/29 19:18:46 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini

[2010/12/29 19:18:46 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini

[2010/12/29 19:18:46 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini

[2010/12/29 19:18:46 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini

[2010/12/29 19:18:46 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini

[2010/12/29 18:42:01 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

[2010/12/29 17:33:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2011/05/14 13:46:01 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\Across Lite 2.0

[2012/05/28 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\Azureus

[2012/03/31 15:04:06 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\DAEMON Tools Lite

[2011/05/08 18:35:46 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\PDF Writer

[2011/12/08 10:11:19 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\webex

[2011/05/13 19:52:29 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\WildTangent

[2012/06/12 20:17:15 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 6/19/2012 3:49:20 PM - Run 1

OTL by OldTimer - Version 3.2.50.0 Folder = C:\Users\v\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.61 Gb Available Physical Memory | 78.61% Memory free

11.73 Gb Paging File | 10.18 Gb Available in Paging File | 86.81% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.42 Gb Total Space | 468.85 Gb Free Space | 80.64% Space Free | Partition Type: NTFS

Drive E: | 3.73 Gb Total Space | 3.52 Gb Free Space | 94.42% Space Free | Partition Type: FAT32

Computer Name: V-PC | User Name: v | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0B591597-EE32-F353-ECAA-FB4F58474691}" = ATI AVIVO64 Codecs

"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour

"{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64

"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support

"{8F59A8AC-1D7B-8578-38F7-8F5166FA8580}" = ccc-utility64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock

"{EF5745D9-C0A7-4D40-2900-AD093F232827}" = ATI Catalyst Install Manager

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit

"AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)

"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1304

"DW WLAN Card Utility" = DW WLAN Card Utility

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable

"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1B2BDFB3-3786-A62F-F498-83F9EE3FBD0F}" = CCC Help Japanese

"{20068980-5702-5CA7-F335-6592852F7F59}" = CCC Help Italian

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3D6F16CA-13B8-6425-A71A-B91DB3E14F51}" = CCC Help Danish

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40F4FF7A-B214-4453-B973-080B09CED019}" = LoJack Factory Installer

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DE43CB4-9FB5-82E1-780C-9D38E2F1391E}" = CCC Help Dutch

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{597BBBD5-8A69-CF88-2DE3-67194CE5C071}" = Catalyst Control Center Graphics Previews Common

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{71E015CC-52DA-4536-AF0C-C643BA1E45FB}" = Catalyst Control Center - Branding

"{7677040A-E5AA-998C-8810-59F0B5D3E0A8}" = Catalyst Control Center InstallProxy

"{7CC90569-A7DB-5EA0-A9FE-0C5799A28B11}" = CCC Help Chinese Traditional

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8DEB7DD7-FC6D-76C6-712D-40968A736963}" = CCC Help Swedish

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{92531F24-21E5-C8EC-30E6-D56536FD61C7}" = CCC Help Finnish

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{975EA987-5D79-4A1C-AD71-D27B28347B48}" = Across Lite

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9BC422FB-175A-0191-C141-B8B453DAF06E}" = Catalyst Control Center Graphics Previews Vista

"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack

"{A1C21906-351B-685E-7263-A4C30DF381E0}" = CCC Help German

"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software

"{AB6EE148-B13E-C19D-2732-CD0EB23C39B8}" = CCC Help Portuguese

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BE6A55A2-C71F-57DD-E498-7B8F317C0E15}" = ccc-core-static

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D11D2A79-78FA-EA15-CC16-8F24817EAED2}" = CCC Help Korean

"{D165A6B1-6985-072E-969E-333D759D6777}" = CCC Help Spanish

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DF28B648-9636-5DE8-A072-54A5323B0CDA}" = CCC Help Norwegian

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E8DEB138-8DAC-EB25-87CE-D38A2C1C35CE}" = CCC Help French

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F393B7C2-136F-2956-30A3-1099C8394B51}" = CCC Help Chinese Standard

"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{F6F4AF75-109A-638B-80D5-87283B00CD5E}" = Catalyst Control Center Localization All

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FB46EFDE-44F4-83F1-3044-68F5E95E3D4E}" = CCC Help English

"{FBCCCFB0-D89D-C91F-B9B1-8AB1760C1DD0}" = CCC Help Russian

"ActiveTouchMeetingClient" = WebEx

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Advanced Audio FX Engine" = Advanced Audio FX Engine

"DAEMON Tools Lite" = DAEMON Tools Lite

"dBpoweramp Music Converter" = dBpoweramp Music Converter

"Dell Dock" = Dell Dock

"Dell Webcam Central" = Dell Webcam Central

"GoToAssist" = GoToAssist 8.0.0.514

"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"VLC media player" = VLC media player 1.1.11

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"GoToMeeting" = GoToMeeting 5.3.0.970

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/10/2012 4:18:13 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 4/10/2012 4:18:30 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files (x86)\microsoft\search

enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file

"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"

on line 2. Invalid Xml syntax.

Error - 4/12/2012 12:42:23 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 4/12/2012 12:42:23 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 4/14/2012 1:46:09 AM | Computer Name = v-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 4/14/2012 1:46:25 AM | Computer Name = v-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 4/14/2012 1:46:41 AM | Computer Name = v-PC | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files (x86)\microsoft\search

enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file

"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"

on line 2. Invalid Xml syntax.

Error - 4/17/2012 3:35:05 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Cozi

Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component

version required by the application conflicts with another component version already

active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.

Error - 4/17/2012 3:35:25 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 4/17/2012 3:35:44 PM | Computer Name = v-PC | Source = SideBySide | ID = 16842811

Description = Activation context generation failed for "c:\program files (x86)\microsoft\search

enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file

"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"

on line 2. Invalid Xml syntax.

Error - 4/18/2012 5:02:48 AM | Computer Name = v-PC | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe_EventSystem, version: 6.1.7600.16385,

time stamp: 0x4a5bc3c1 Faulting module name: RPCRT4.dll, version: 6.1.7600.16385,

time stamp: 0x4a5be035 Exception code: 0xc0000005 Fault offset: 0x00000000000388cb

Faulting

process id: 0x14c Faulting application start time: 0x01cd1d2fa807ad65 Faulting application

path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\RPCRT4.dll

Report

Id: 447d7a50-8935-11e1-89de-eafc7b289c79

[ Dell Events ]

Error - 6/14/2011 12:45:44 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/2/2011 12:41:01 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/2/2011 12:41:01 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/2/2011 2:38:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/2/2011 2:38:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/2/2011 3:25:24 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/2/2011 3:25:24 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/3/2011 3:08:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 7/3/2011 3:08:30 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

Error - 9/1/2011 6:21:13 PM | Computer Name = v-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

[ System Events ]

Error - 6/19/2012 11:55:08 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 6/19/2012 11:55:09 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7000

Description = The Security Center service failed to start due to the following error:

%%1079

Error - 6/19/2012 11:56:38 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

Error - 6/19/2012 11:56:38 AM | Computer Name = v-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 6/19/2012 12:37:58 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7023

Description = The Computer Browser service terminated with the following error:

%%1060

Error - 6/19/2012 12:37:58 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7003

Description = The IKE and AuthIP IPsec Keying Modules service depends the following

service: BFE. This service might not be installed.

Error - 6/19/2012 12:38:00 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7003

Description = The IPsec Policy Agent service depends the following service: BFE.

This service might not be installed.

Error - 6/19/2012 12:38:01 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7000

Description = The Security Center service failed to start due to the following error:

%%1079

Error - 6/19/2012 12:40:10 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7023

Description = The Function Discovery Resource Publication service terminated with

the following error: %%-2147024891

Error - 6/19/2012 12:40:10 PM | Computer Name = v-PC | Source = Service Control Manager | ID = 7001

Description = The HomeGroup Provider service depends on the Function Discovery Resource

Publication service which failed to start because of the following error: %%-2147024891

< End of report >


Thanks for your kind words! :)

Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
  6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  7. Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-2731273616-2889505413-518904877-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
    [2012/05/28 19:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
    [2012/05/28 19:00:58 | 000,000,000 | ---D | C] -- C:\Users\v\AppData\Local\Conduit
    [2012/06/19 10:19:01 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@
    [2012/06/19 08:55:28 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@
    [2012/06/19 08:55:28 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@
    [2012/06/19 08:55:27 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
    [2012/06/19 08:55:27 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@
    [2012/06/19 02:31:32 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
    [2012/06/19 02:30:56 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
    [2012/01/23 20:48:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    [2012/01/23 20:48:15 | 000,002,048 | -HS- | C] () -- C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    [2012/05/28 19:59:58 | 000,000,000 | ---D | M] -- C:\Users\v\AppData\Roaming\Azureus

    :files
    C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
    ipconfig /flushdns /c

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • TDSSKiller log
  • OTL Fix log
  • Malwarebytes' Anti-Malware log

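A post-reboot check for the folder layout that the fix script in the post above targets, as an added example that is not part of the original post or of any tool named in it: it looks for GUID-named folders holding an `@` file or `U`/`L` subfolders with eight-hex-digit `.@` files. The default roots follow the two locations in that script; the function names and the demo tree are assumptions constructed here.

```python
import os
import re
import tempfile

# Folder name shaped like {3b99f81f-31d5-dbab-1bcf-87d0107a285a}
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# File names shaped like 80000000.@ or 000000cb.@, as listed in the fix script
PAYLOAD = re.compile(r"^[0-9a-f]{8}\.@$", re.I)


def inspect_guid_dir(path):
    """Return the layout markers found inside one GUID-named folder."""
    markers = []
    if os.path.isfile(os.path.join(path, "@")):
        markers.append("@")
    for sub in ("U", "L"):
        subdir = os.path.join(path, sub)
        if not os.path.isdir(subdir):
            continue
        try:
            names = os.listdir(subdir)
        except OSError:
            # Report an unreadable subfolder instead of silently skipping it.
            markers.append(sub + "/ (unreadable)")
            continue
        markers.extend(sub + "/" + n for n in sorted(names) if PAYLOAD.match(n))
    return markers


def find_leftovers(roots):
    """Map each GUID folder under `roots` that shows the layout to its markers.

    Ordinary GUID folders (Windows Installer keeps icon caches under such
    names) carry no markers and are therefore not reported.
    """
    findings = {}
    for root in roots:
        try:
            entries = os.listdir(root)
        except OSError:
            continue  # root missing or not readable
        for name in entries:
            full = os.path.join(root, name)
            if GUID_DIR.match(name) and os.path.isdir(full):
                markers = inspect_guid_dir(full)
                if markers:
                    findings[full] = markers
    return findings


def default_roots():
    """The two parent folders named in the fix script, resolved per machine."""
    windir = os.environ.get("SystemRoot", r"C:\Windows")
    roots = [os.path.join(windir, "Installer")]
    local = os.environ.get("LOCALAPPDATA")
    if local:
        roots.append(local)
    return roots


def build_demo_tree():
    """Constructed sample tree so the check can be tried on any OS."""
    base = tempfile.mkdtemp(prefix="leftover_demo_")
    guid = "{3b99f81f-31d5-dbab-1bcf-87d0107a285a}"   # folder name from the thread
    benign = "{11111111-2222-3333-4444-555555555555}"  # constructed, harmless
    files = [
        ("Installer", guid, "@"),
        ("Installer", guid, "U", "80000000.@"),
        ("Installer", guid, "U", "000000cb.@"),
        ("Installer", guid, "L", "00000004.@"),
        ("Installer", benign, "icon.ico"),
        ("Local", guid, "@"),
    ]
    for parts in files:
        target = os.path.join(base, *parts)
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with open(target, "wb") as fh:
            fh.write(b"demo")
    return base


if __name__ == "__main__":
    hits = find_leftovers(default_roots())
    for folder, markers in sorted(hits.items()):
        print(folder, "->", ", ".join(markers))
    print("clean" if not hits else "%d folder(s) still present" % len(hits))
```

An empty result after the reboot means neither location still holds that layout; any hit is worth reporting back together with the fix log.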

Thank you, Maniac. I've done the following:

1. Run the TDSS Killer. It found 2 suspicious objects, which I skipped, but no malicious objects.

2. Run the OTL Custom Fix that you provided, then rebooted.

3. Run a MBAM Quick Scan. No malicious items were detected, and I wasn't prompted to reboot.

The logs for all three processes are below.

-------------------------------------------------------

16:28:27.0293 2852 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31

16:28:27.0324 2852 ============================================================

16:28:27.0324 2852 Current date / time: 2012/06/19 16:28:27.0324

16:28:27.0324 2852 SystemInfo:

16:28:27.0324 2852

16:28:27.0324 2852 OS Version: 6.1.7600 ServicePack: 0.0

16:28:27.0324 2852 Product type: Workstation

16:28:27.0324 2852 ComputerName: V-PC

16:28:27.0324 2852 UserName: v

16:28:27.0324 2852 Windows directory: C:\Windows

16:28:27.0324 2852 System windows directory: C:\Windows

16:28:27.0324 2852 Running under WOW64

16:28:27.0324 2852 Processor architecture: Intel x64

16:28:27.0324 2852 Number of processors: 4

16:28:27.0324 2852 Page size: 0x1000

16:28:27.0324 2852 Boot type: Normal boot

16:28:27.0324 2852 ============================================================

16:28:27.0636 2852 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:28:27.0652 2852 Drive \Device\Harddisk1\DR5 - Size: 0xEEE00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:28:27.0652 2852 ============================================================

16:28:27.0652 2852 \Device\Harddisk0\DR0:

16:28:27.0652 2852 MBR partitions:

16:28:27.0652 2852 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000

16:28:27.0652 2852 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0

16:28:27.0652 2852 \Device\Harddisk1\DR5:

16:28:27.0652 2852 MBR partitions:

16:28:27.0652 2852 \Device\Harddisk1\DR5\Partition0: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x775080

16:28:27.0652 2852 ============================================================

16:28:27.0683 2852 C: <-> \Device\Harddisk0\DR0\Partition1

16:28:27.0683 2852 ============================================================

16:28:27.0683 2852 Initialize success

16:28:27.0683 2852 ============================================================

16:29:21.0737 4044 ============================================================

16:29:21.0737 4044 Scan started

16:29:21.0737 4044 Mode: Manual; SigCheck; TDLFS;

16:29:21.0737 4044 ============================================================

16:29:29.0397 4044 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe

16:29:29.0413 4044 DockLoginService ( UnsignedFile.Multi.Generic ) - warning

16:29:29.0413 4044 DockLoginService - detected UnsignedFile.Multi.Generic (1)

16:29:29.0428 4044 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

16:29:29.0506 4044 dot3svc - ok

16:29:29.0537 4044 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

16:29:29.0569 4044 DPS - ok

16:29:29.0600 4044 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:29:29.0615 4044 drmkaud - ok

16:29:29.0662 4044 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys

16:29:29.0678 4044 dtsoftbus01 - ok

16:29:29.0725 4044 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys

16:29:29.0756 4044 DXGKrnl - ok

16:29:29.0787 4044 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

16:29:29.0834 4044 EapHost - ok

16:29:29.0943 4044 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:29:30.0005 4044 ebdrv - ok

16:29:30.0083 4044 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

16:29:30.0115 4044 EFS - ok

16:29:30.0193 4044 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

16:29:30.0224 4044 ehRecvr - ok

16:29:30.0255 4044 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

16:29:30.0286 4044 ehSched - ok

16:29:30.0380 4044 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:29:30.0395 4044 elxstor - ok

16:29:30.0427 4044 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

16:29:30.0427 4044 ErrDev - ok

16:29:30.0473 4044 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

16:29:30.0505 4044 EventSystem - ok

16:29:30.0551 4044 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:29:30.0583 4044 exfat - ok

16:29:30.0614 4044 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:29:30.0645 4044 fastfat - ok

16:29:30.0692 4044 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

16:29:30.0739 4044 Fax - ok

16:29:30.0770 4044 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:29:30.0785 4044 fdc - ok

16:29:30.0817 4044 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

16:29:30.0863 4044 fdPHost - ok

16:29:30.0879 4044 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

16:29:30.0910 4044 FDResPub - ok

16:29:30.0926 4044 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:29:30.0941 4044 FileInfo - ok

16:29:30.0957 4044 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:29:30.0988 4044 Filetrace - ok

16:29:31.0082 4044 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

16:29:31.0113 4044 FLEXnet Licensing Service - ok

16:29:31.0144 4044 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:29:31.0160 4044 flpydisk - ok

16:29:31.0175 4044 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

16:29:31.0191 4044 FltMgr - ok

16:29:31.0238 4044 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll

16:29:31.0300 4044 FontCache - ok

16:29:31.0409 4044 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:29:31.0425 4044 FontCache3.0.0.0 - ok

16:29:31.0472 4044 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:29:31.0487 4044 FsDepends - ok

16:29:31.0534 4044 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

16:29:31.0550 4044 Fs_Rec - ok

16:29:31.0597 4044 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

16:29:31.0612 4044 fvevol - ok

16:29:31.0659 4044 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:29:31.0675 4044 gagp30kx - ok

16:29:31.0768 4044 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe

16:29:31.0784 4044 GameConsoleService - ok

16:29:31.0831 4044 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

16:29:31.0846 4044 GEARAspiWDM - ok

16:29:31.0877 4044 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

16:29:31.0893 4044 GoToAssist - ok

16:29:31.0955 4044 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

16:29:32.0002 4044 gpsvc - ok

16:29:32.0033 4044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:29:32.0049 4044 hcw85cir - ok

16:29:32.0096 4044 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

16:29:32.0127 4044 HdAudAddService - ok

16:29:32.0189 4044 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

16:29:32.0205 4044 HDAudBus - ok

16:29:32.0236 4044 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

16:29:32.0252 4044 HECIx64 - ok


16:29:49.0474 4044 WIMMount - ok

16:29:49.0474 4044 WinHttpAutoProxySvc - ok

16:29:49.0537 4044 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

16:29:49.0599 4044 Winmgmt - ok

16:29:49.0661 4044 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

16:29:49.0724 4044 WinRM - ok

16:29:49.0864 4044 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

16:29:49.0895 4044 Wlansvc - ok

16:29:49.0973 4044 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

16:29:49.0989 4044 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

16:29:49.0989 4044 wltrysvc - detected UnsignedFile.Multi.Generic (1)

16:29:51.0783 4044 ============================================================

16:29:51.0783 4044 Scan finished

16:29:51.0783 4044 ============================================================

16:29:51.0799 2928 Detected object count: 2

16:29:51.0799 2928 Actual detected object count: 2

16:30:25.0853 2928 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

16:30:25.0853 2928 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

16:30:25.0853 2928 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

16:30:25.0853 2928 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry value HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.

Registry key HKEY_USERS\S-1-5-21-2731273616-2889505413-518904877-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.

C:\Program Files (x86)\Conduit folder moved successfully.

C:\Users\v\AppData\Local\Conduit folder moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@ moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.

C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.

C:\Users\v\AppData\Roaming\Azureus\torrents folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\tmp\AZU847548663690459923.tmp folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\tmp folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\subs folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\shares folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\rss folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins\mlab folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins\azutp\x64 folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins\azutp\win32 folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins\azutp folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins\azupnpav folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins\aefeatman_v folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\plugins folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\net folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\logs folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\dht folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\devices folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus\active folder moved successfully.

C:\Users\v\AppData\Roaming\Azureus folder moved successfully.

========== FILES ==========

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.

Folder move failed. C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} scheduled to be moved on reboot.

C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.

C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L folder moved successfully.

C:\Users\v\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\v\Desktop\cmd.bat deleted successfully.

C:\Users\v\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: v

->Temp folder emptied: 596479825 bytes

->Temporary Internet Files folder emptied: 60448439 bytes

->Java cache emptied: 326347 bytes

->FireFox cache emptied: 508975819 bytes

->Google Chrome cache emptied: 13810545 bytes

->Flash cache emptied: 7458 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 18542660 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 170329912 bytes

Total Files Cleaned = 1,306.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.50.0 log created on 06192012_171202

Files\Folders moved on Reboot...

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U folder moved successfully.

C:\Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} folder moved successfully.

C:\Users\v\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.19.03

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

v :: V-PC [administrator]

6/19/2012 5:26:54 PM

mbam-log-2012-06-19 (17-26-54).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 203747

Time elapsed: 1 minute(s), 48 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Very good! :)

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Hi, Maniac.

I don't have the Combofix log for you yet; I'm not quite sure what to do next.

I've run Combofix before -- last year -- on an XP machine that had a TDSS infection, and the entire process went as described in the Bleeping Computer step-by-step guide. Running Combofix this time, however, on my Win7 machine, went a little differently:

1. Combofix never disconnected me from the Internet.

2. It never changed my clock format.

3. After running the 50 stages, it gave a message that it had detected an infected system file, attempted to restore, and then restored successfully.

4. Then it indicated that it was deleting some files.

5. Then it restarted Windows.

It didn't give me a message that it was preparing a log report or display the log report before it rebooted.

So my computer has been rebooted, and I haven't logged back in yet to the machine. Once I log in, what should I do? Should I look for the log file? Or do I need to do something else w. Combofix?

I tried to turn off Windows Firewall before I ran Combofix, but I got error messages when I tried to access any of the Windows Firewall settings. (I assumed b/c of the current infection.) I don't know if this would have interfered?

ok, ComboFix was preparing the log report after I logged back in:

-------------------------------------------------------

ComboFix 12-06-20.01 - v 06/20/2012 8:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6007.4454 [GMT -7:00]

Running from: c:\users\v\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\v\g2mdlhlpx.exe

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

Infected copy of c:\windows\system32\Services.exe was found and disinfected

Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))

.

.

2012-06-20 15:51 . 2012-06-20 15:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-20 00:12 . 2012-06-20 00:12 -------- d-----w- C:\_OTL

2012-06-19 15:53 . 2012-06-19 15:53 21520 ----a-w- c:\windows\DCEBoot64.exe

2012-06-19 15:53 . 2012-06-19 15:53 129024 ----a-w- c:\windows\RegBootClean64.exe

2012-06-19 11:12 . 2012-06-19 11:13 -------- d-----w- c:\program files (x86)\Kaspersky

2012-06-19 09:42 . 2012-06-19 09:42 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-06-16 04:18 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04148417-5380-469B-A127-3C937C84097A}\mpengine.dll

2012-06-16 04:13 . 2012-06-16 04:13 -------- d-----w- c:\users\v\AppData\Local\Macromedia

2012-05-29 02:01 . 2012-05-29 02:01 -------- d-----w- c:\users\v\.swt

2012-05-29 02:01 . 2012-05-29 02:01 -------- d-----w- c:\users\v\AppData\Local\CRE

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-16 04:11 . 2012-04-04 20:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-16 04:11 . 2011-05-17 05:19 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-21 02:51 . 2011-05-14 04:28 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-04 22:56 . 2011-05-08 22:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-31 22:01 . 2012-03-31 22:01 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\Daemon Tools\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-02 98304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 129976]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000Core.job

- c:\users\v\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 05:27]

.

2012-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2731273616-2889505413-518904877-1000UA.job

- c:\users\v\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-30 05:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.nytimes.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: alohaenterprise.com\nextstudent

Trusted Zone: nextstudent.com\exchange

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\v\AppData\Roaming\Mozilla\Firefox\Profiles\g457744h.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\05\02\1d\02\01#é"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

c:\windows\SysWOW64\wscript.exe

.

**************************************************************************

.

Completion time: 2012-06-20 09:29:57 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-20 16:29

.

Pre-Run: 506,999,537,664 bytes free

Post-Run: 506,747,592,704 bytes free

.

- - End Of File - - DD86F03D7F50FDA2E13D41198FCADCDA

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats and the option Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

ok, I downloaded the ESET scanner, accepted the Terms of Use, and am getting ready to run the scan.

In the Computer Scan Settings, these options are selected by default:

- Remove found threats

- Scan for potentially unwanted applications

- Enable Anti-Stealth technology

These two options are NOT selected. Should I select either of them?:

- Scan archives

- Scan for potentially unsafe applications

ESET found and cleaned 10 threats. Here's the log:

-------------------------------------------------------

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=29ee5187ebb7154aae31e0aeead4bf45

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-06-20 07:50:18

# local_time=2012-06-20 12:50:18 (-0700, US Mountain Standard Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=5893 16776574 100 94 0 91762638 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=174713

# found=10

# cleaned=10

# scan_time=2630

C:\Program Files (x86)\Daemon Tools\DTLite4453-0297.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.EZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.AD trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Windows\System32\Services.exe.vir Win64/Patched.B.Gen trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\06192012_171202\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@ Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\06192012_171202\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\06192012_171202\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\_OTL\MovedFiles\06192012_171202\C_Windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@ Win64/Sirefef.AE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

So far, everything looks good :)

Programs and processes are moving quickly again. I've launched and conducted searches w. three different browsers (IE, FF, Chrome), and the spam/advertising pop-ups and redirects seem to be gone.

Thank you! I'm so grateful to you for your help.

I have a question that I forgot to ask in my previous post: I still have the ESET Scanner window open. It has two options that can be selected before clicking "Finish":

- Uninstall application on close

- Delete quarantined files

Should I select either or both of those?

Link to post
Share on other sites

Thank you, Maniac.

I ran the OTL cleanup, and it's removed itself, ComboFix, TDSS Killer, and all the text logs for these.

For ESET, I selected "Uninstall application on close." There's still an ESET directory in my program files. This directory contains a folder, "Quarantine," that currently holds 21 files (all of *.NDF, *.NDQ, and *.NDI type) totaling 14.2MB: C:\Program Files\ESET\ESET Online Scanner\Quarantine

Should I do anything to delete/remove this Quarantine folder or the files in it?

Link to post
Share on other sites

OK, I did a SHIFT-DELETE to permanently remove the folder. I removed the entire ESET folder, since there was nothing else in it other than the Quarantine sub-folder.

Thank you again, Maniac, for all your help -- your easy-to-follow instructions, your patience in answering my questions, and the consistently quick replies, even while you're assisting several other users at the same time.

Most of all, thank you for your time and generosity in helping a complete stranger. I hope that you'll please keep doing what you're doing here on the MBAM forums. Users like me would be lost to malware if it weren't for the kind help of removal experts like you.

Cheers! And thank you.

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
