
Unable to remove hijack.userinit



Hi, I have something called hijack.userinit which is being picked up by my Malwarebytes software. Each time I run the scan this is deleted but it then appears again. I can only run the scan via the task manager and also don't seem to be able to access any anti-virus type websites - including this one. I am writing this via my iPad and keeping my laptop offline for the time being. Many thanks in advance for your assistance.


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please download the following tools and transfer them via USB to your infected laptop.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com).

  • There are 3 different versions. If one of them won't run then download and try to run the other one.
  • Vista and Win7 users need to right click and choose Run as Admin.
  • You only need to get one of them to run, not all of them.

rkill.exe

rkill.com

rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the Desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Before proceeding any further, the processes that belong to Windows Recovery need to be terminated so that they do not interfere with the cleaning procedure.

Double-click on the RKill.exe icon in order to automatically attempt to stop any processes associated with Windows Recovery and other Rogue programs.

===

Please do not reboot your computer.

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

==========

Finally, please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

==========

Please provide the following in your reply:

  • ComboFix.txt.
  • TDSSKiller log.

How is your laptop currently running?


ComboFix 12-08-10.02 - Seb 14/08/2012  11:09:04.4.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.4021.2387 [GMT 8:00]

Running from: c:\users\Seb\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe

c:\windows\SysWow64\DEBUG.log

.

.

(((((((((((((((((((((((((   Files Created from 2012-07-14 to 2012-08-14  )))))))))))))))))))))))))))))))

.

.

2012-08-14 03:17 . 2012-08-14 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 20:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{991F70E0-FF6B-4E7A-B289-1B8CCCB0DB07}\mpengine.dll

2012-08-10 03:51 . 2012-08-14 03:16 -------- d-----w- c:\users\Seb\AppData\Local\fxjagetq

2012-08-10 03:51 . 2012-08-10 03:51 94120 --s---w- c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe

2012-07-26 04:41 . 2012-07-26 04:41 -------- dc----w- c:\program files (x86)\BBC iPlayer Desktop

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 00:31 . 2012-05-18 07:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 00:31 . 2011-05-21 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 19:02 . 2010-03-22 11:26 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 05:46 . 2012-06-19 11:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-27 02:42 . 2012-06-27 02:43 4446520 ----a-w- c:\windows\uninst.exe

2012-06-22 06:49 . 2012-06-22 06:49 74703 ----a-w- c:\windows\SysWow64\mfc45.dll

2012-06-20 04:14 . 2010-04-14 05:22 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-06-20 03:48 . 2010-05-19 16:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-06-19 05:20 . 2010-05-02 22:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-06-19 04:39 . 2010-05-20 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-06-12 03:08 . 2012-07-11 19:07 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 04:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 04:53 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 04:52 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 04:47 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 04:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 04:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 04:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-05 03:32 . 2010-04-14 05:13 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-02 22:19 . 2012-06-22 02:35 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 02:35 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 12:49 . 2012-07-11 19:01 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-11 19:01 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-11 19:01 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-11 19:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-11 19:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-11 19:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-11 19:01 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-11 19:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-11 19:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-11 19:01 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-11 19:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-11 19:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-11 19:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-11 19:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-11 19:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-11 19:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-11 19:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 07:19 . 2012-06-22 02:34 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 07:15 . 2012-06-22 02:34 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 04:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 04:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 04:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 04:52 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 04:52 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 04:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 04:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 04:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 04:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 04:25 . 2011-05-15 02:15 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-29 18:04 . 2010-05-01 21:43 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2012-08-14_01.21.53   )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-03 03:13 . 2012-08-14 03:04 84498              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-14 03:04 34030              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-03-11 06:50 . 2012-08-14 03:04 20380              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1064479489-466832259-691007306-1000_UserData.bin

+ 2010-03-10 18:05 . 2012-08-14 03:07 32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-10 18:05 . 2012-08-13 15:11 32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-10 18:05 . 2012-08-14 03:07 32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-10 18:05 . 2012-08-13 15:11 32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-13 15:11 16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-14 03:07 16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-08-14 01:07 . 2012-08-14 01:07 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-14 03:01 . 2012-08-14 03:01 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-14 03:01 . 2012-08-14 03:01 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-14 01:07 . 2012-08-14 01:07 2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-08-14 01:04 311200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-14 02:43 311200              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-07 00:14 . 2012-08-14 02:43 8166628              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat

- 2011-07-07 00:14 . 2012-08-14 01:04 8166628              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 08:54 175912 -c--a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]

2011-05-09 09:49 176936 -c--a-w- c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

2011-01-17 08:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2010-09-28 14:44 1400712 -c--a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

"{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Facebook Update"="c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-12 6380400]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

"NebMqedh"="c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"openvpn-gui"="c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2010-07-01 300032]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-06-22 476824]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"FAStartup"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184]

.

c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

Facebook Messenger.lnk - c:\users\Seb\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]

nebmqedh.exe [2012-8-10 94120]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2011-04-23 14:17 147640 -c--a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ    scecli FAPassSync

Security Packages REG_MULTI_SZ    kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:31]

.

2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job

- c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52]

.

2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job

- c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job

- c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job

- c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17]

.

2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bbc.co.uk/

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-14  11:19:50

ComboFix-quarantined-files.txt  2012-08-14 03:19

ComboFix2.txt  2012-08-14 02:57

ComboFix3.txt  2012-08-14 02:21

ComboFix4.txt  2012-08-14 01:24

.

Pre-Run: 16,768,778,240 bytes free

Post-Run: 16,610,557,952 bytes free

.

- - End Of File - - 8E5B3792776335B836C1D041F2B52E4F


11:20:05.0259 2140 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

11:20:06.0135 2140 ============================================================

11:20:06.0135 2140 Current date / time: 2012/08/14 11:20:06.0135

11:20:06.0135 2140 SystemInfo:

11:20:06.0135 2140 

11:20:06.0135 2140 OS Version: 6.1.7601 ServicePack: 1.0

11:20:06.0135 2140 Product type: Workstation

11:20:06.0136 2140 ComputerName: SEB-PC

11:20:06.0136 2140 UserName: Seb

11:20:06.0136 2140 Windows directory: C:\Windows

11:20:06.0136 2140 System windows directory: C:\Windows

11:20:06.0136 2140 Running under WOW64

11:20:06.0136 2140 Processor architecture: Intel x64

11:20:06.0136 2140 Number of processors: 4

11:20:06.0136 2140 Page size: 0x1000

11:20:06.0136 2140 Boot type: Normal boot

11:20:06.0136 2140 ============================================================

11:20:07.0170 2140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:20:07.0175 2140 ============================================================

11:20:07.0175 2140 \Device\Harddisk0\DR0:

11:20:07.0175 2140 MBR partitions:

11:20:07.0175 2140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000

11:20:07.0175 2140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B

11:20:07.0175 2140 ============================================================

11:20:07.0212 2140 C: <-> \Device\Harddisk0\DR0\Partition1

11:20:07.0212 2140 ============================================================

11:20:07.0212 2140 Initialize success

11:20:07.0212 2140 ============================================================

11:20:11.0113 3192 ============================================================

11:20:11.0113 3192 Scan started

11:20:11.0113 3192 Mode: Manual;

11:20:11.0113 3192 ============================================================


11:20:27.0483 3192 MsRPC - ok

11:20:27.0524 3192 mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:20:27.0526 3192 mssmbios - ok

11:20:27.0659 3192 MSSQL$SQLEXPRESS - ok

11:20:27.0716 3192 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe

11:20:27.0717 3192 MSSQLServerADHelper - ok

11:20:27.0743 3192 MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:20:27.0744 3192 MSTEE - ok

11:20:27.0757 3192 MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:20:27.0758 3192 MTConfig - ok

11:20:27.0787 3192 Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:20:27.0788 3192 Mup - ok

11:20:27.0844 3192 napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:20:27.0852 3192 napagent - ok

11:20:27.0896 3192 NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:20:27.0911 3192 NativeWifiP - ok

11:20:28.0029 3192 NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:20:28.0038 3192 NDIS - ok

11:20:28.0050 3192 NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:20:28.0051 3192 NdisCap - ok

11:20:28.0079 3192 NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:20:28.0080 3192 NdisTapi - ok

11:20:28.0123 3192 Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:20:28.0125 3192 Ndisuio - ok

11:20:28.0176 3192 NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:20:28.0188 3192 NdisWan - ok

11:20:28.0230 3192 NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:20:28.0233 3192 NDProxy - ok

11:20:28.0253 3192 NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:20:28.0254 3192 NetBIOS - ok

11:20:28.0307 3192 NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:20:28.0314 3192 NetBT - ok

11:20:28.0356 3192 Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:20:28.0358 3192 Netlogon - ok

11:20:28.0402 3192 Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:20:28.0407 3192 Netman - ok

11:20:28.0536 3192 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:20:28.0550 3192 NetMsmqActivator - ok

11:20:28.0556 3192 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:20:28.0558 3192 NetPipeActivator - ok

11:20:28.0612 3192 netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:20:28.0628 3192 netprofm - ok

11:20:28.0633 3192 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:20:28.0635 3192 NetTcpActivator - ok

11:20:28.0639 3192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:20:28.0641 3192 NetTcpPortSharing - ok

11:20:28.0709 3192 nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:20:28.0711 3192 nfrd960 - ok

11:20:28.0775 3192 NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:20:28.0790 3192 NlaSvc - ok

11:20:28.0802 3192 Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:20:28.0804 3192 Npfs - ok

11:20:28.0831 3192 nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:20:28.0834 3192 nsi - ok

11:20:28.0850 3192 nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:20:28.0851 3192 nsiproxy - ok

11:20:28.0996 3192 Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:20:29.0004 3192 Ntfs - ok

11:20:29.0114 3192 Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:20:29.0115 3192 Null - ok

11:20:29.0178 3192 nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:20:29.0191 3192 nvraid - ok

11:20:29.0266 3192 nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:20:29.0269 3192 nvstor - ok

11:20:29.0315 3192 nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:20:29.0329 3192 nv_agp - ok

11:20:29.0458 3192 odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

11:20:29.0480 3192 odserv - ok

11:20:29.0512 3192 ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:20:29.0518 3192 ohci1394 - ok

11:20:29.0601 3192 OpenVPNService  (c929013e74a4335b9814e428088a508b) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe

11:20:29.0603 3192 OpenVPNService - ok

11:20:29.0645 3192 ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:20:29.0659 3192 ose - ok

11:20:29.0716 3192 p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:20:29.0723 3192 p2pimsvc - ok

11:20:29.0766 3192 p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:20:29.0784 3192 p2psvc - ok

11:20:29.0815 3192 Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:20:29.0820 3192 Parport - ok

11:20:29.0854 3192 partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:20:29.0861 3192 partmgr - ok

11:20:29.0895 3192 PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:20:29.0905 3192 PcaSvc - ok

11:20:30.0004 3192 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms

11:20:30.0006 3192 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok

11:20:30.0055 3192 pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:20:30.0065 3192 pci - ok

11:20:30.0112 3192 pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:20:30.0114 3192 pciide - ok

11:20:30.0156 3192 pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:20:30.0164 3192 pcmcia - ok

11:20:30.0187 3192 pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:20:30.0189 3192 pcw - ok

11:20:30.0248 3192 PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:20:30.0275 3192 PEAUTH - ok

11:20:30.0366 3192 PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:20:30.0369 3192 PerfHost - ok

11:20:30.0526 3192 pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:20:30.0555 3192 pla - ok

11:20:30.0639 3192 PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:20:30.0660 3192 PlugPlay - ok

11:20:30.0686 3192 PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:20:30.0689 3192 PNRPAutoReg - ok

11:20:30.0726 3192 PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:20:30.0731 3192 PNRPsvc - ok

11:20:30.0801 3192 PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:20:30.0815 3192 PolicyAgent - ok

11:20:30.0855 3192 Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:20:30.0860 3192 Power - ok

11:20:30.0925 3192 PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:20:30.0940 3192 PptpMiniport - ok

11:20:30.0966 3192 Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:20:30.0968 3192 Processor - ok

11:20:31.0008 3192 ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

11:20:31.0018 3192 ProfSvc - ok

11:20:31.0045 3192 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:20:31.0047 3192 ProtectedStorage - ok

11:20:31.0084 3192 Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:20:31.0087 3192 Psched - ok

11:20:31.0129 3192 PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

11:20:31.0131 3192 PxHlpa64 - ok

11:20:31.0279 3192 ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:20:31.0313 3192 ql2300 - ok

11:20:31.0441 3192 ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:20:31.0456 3192 ql40xx - ok

11:20:31.0501 3192 QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:20:31.0520 3192 QWAVE - ok

11:20:31.0535 3192 QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:20:31.0537 3192 QWAVEdrv - ok

11:20:31.0556 3192 RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:20:31.0557 3192 RasAcd - ok

11:20:31.0589 3192 RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:20:31.0591 3192 RasAgileVpn - ok

11:20:31.0624 3192 RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:20:31.0640 3192 RasAuto - ok

11:20:31.0685 3192 Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:20:31.0700 3192 Rasl2tp - ok

11:20:31.0759 3192 RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:20:31.0771 3192 RasMan - ok

11:20:31.0801 3192 RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:20:31.0806 3192 RasPppoe - ok

11:20:31.0820 3192 RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:20:31.0823 3192 RasSstp - ok

11:20:31.0884 3192 rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:20:31.0899 3192 rdbss - ok

11:20:31.0916 3192 rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:20:31.0917 3192 rdpbus - ok

11:20:31.0937 3192 RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:20:31.0940 3192 RDPCDD - ok

11:20:31.0957 3192 RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:20:31.0959 3192 RDPENCDD - ok

11:20:31.0980 3192 RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:20:31.0981 3192 RDPREFMP - ok

11:20:32.0027 3192 RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

11:20:32.0035 3192 RDPWD - ok

11:20:32.0116 3192 rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:20:32.0124 3192 rdyboost - ok

11:20:32.0163 3192 RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:20:32.0179 3192 RemoteAccess - ok

11:20:32.0239 3192 RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:20:32.0243 3192 RemoteRegistry - ok

11:20:32.0288 3192 RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

11:20:32.0301 3192 RFCOMM - ok

11:20:32.0336 3192 rimspci         (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys

11:20:32.0338 3192 rimspci - ok

11:20:32.0376 3192 RimUsb          (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

11:20:32.0378 3192 RimUsb - ok

11:20:32.0404 3192 risdpcie        (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys

11:20:32.0410 3192 risdpcie - ok

11:20:32.0424 3192 rixdpcie        (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys

11:20:32.0426 3192 rixdpcie - ok

11:20:32.0631 3192 RoxMediaDB10    (05fc44d32a144925eae45570029fd6e1) c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

11:20:32.0673 3192 RoxMediaDB10 - ok

11:20:32.0702 3192 RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:20:32.0705 3192 RpcEptMapper - ok

11:20:32.0735 3192 RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:20:32.0737 3192 RpcLocator - ok

11:20:32.0813 3192 RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:20:32.0820 3192 RpcSs - ok

11:20:32.0893 3192 rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:20:32.0899 3192 rspndr - ok

11:20:32.0909 3192 RxFilter - ok

11:20:32.0934 3192 SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:20:32.0936 3192 SamSs - ok

11:20:32.0982 3192 sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:20:32.0987 3192 sbp2port - ok

11:20:33.0023 3192 SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:20:33.0034 3192 SCardSvr - ok

11:20:33.0071 3192 scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:20:33.0073 3192 scfilter - ok

11:20:33.0189 3192 Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:20:33.0200 3192 Schedule - ok

11:20:33.0239 3192 SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:20:33.0241 3192 SCPolicySvc - ok

11:20:33.0285 3192 SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:20:33.0298 3192 SDRSVC - ok

11:20:33.0400 3192 SeaPort         (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

11:20:33.0403 3192 SeaPort - ok

11:20:33.0477 3192 secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:20:33.0479 3192 secdrv - ok

11:20:33.0512 3192 seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:20:33.0515 3192 seclogon - ok

11:20:33.0562 3192 SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

11:20:33.0565 3192 SENS - ok

11:20:33.0579 3192 SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:20:33.0583 3192 SensrSvc - ok

11:20:33.0599 3192 Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:20:33.0600 3192 Serenum - ok

11:20:33.0627 3192 Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:20:33.0629 3192 Serial - ok

11:20:33.0668 3192 sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:20:33.0670 3192 sermouse - ok

11:20:33.0712 3192 SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:20:33.0729 3192 SessionEnv - ok

11:20:33.0784 3192 SessionLauncher - ok

11:20:33.0816 3192 sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:20:33.0818 3192 sffdisk - ok

11:20:33.0825 3192 sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:20:33.0827 3192 sffp_mmc - ok

11:20:33.0834 3192 sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:20:33.0835 3192 sffp_sd - ok

11:20:33.0866 3192 sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:20:33.0868 3192 sfloppy - ok

11:20:34.0042 3192 SftService      (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

11:20:34.0058 3192 SftService - ok

11:20:34.0203 3192 SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:20:34.0215 3192 SharedAccess - ok

11:20:34.0529 3192 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:20:34.0535 3192 ShellHWDetection - ok

11:20:34.0590 3192 SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:20:34.0592 3192 SiSRaid2 - ok

11:20:34.0614 3192 SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:20:34.0620 3192 SiSRaid4 - ok

11:20:34.0965 3192 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

11:20:34.0980 3192 Skype C2C Service - ok

11:20:35.0081 3192 SkypeUpdate     (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe

11:20:35.0094 3192 SkypeUpdate - ok

11:20:35.0249 3192 Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:20:35.0255 3192 Smb - ok

11:20:35.0305 3192 SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:20:35.0308 3192 SNMPTRAP - ok

11:20:35.0324 3192 spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:20:35.0326 3192 spldr - ok

11:20:35.0397 3192 Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:20:35.0405 3192 Spooler - ok

11:20:35.0729 3192 sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:20:35.0789 3192 sppsvc - ok

11:20:35.0898 3192 sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:20:35.0906 3192 sppuinotify - ok

11:20:36.0017 3192 SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

11:20:36.0020 3192 SQLBrowser - ok

11:20:36.0112 3192 SQLWriter       (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

11:20:36.0148 3192 SQLWriter - ok

11:20:36.0232 3192 srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:20:36.0239 3192 srv - ok

11:20:36.0288 3192 srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:20:36.0296 3192 srv2 - ok

11:20:36.0321 3192 srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:20:36.0332 3192 srvnet - ok

11:20:36.0381 3192 SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:20:36.0385 3192 SSDPSRV - ok

11:20:36.0405 3192 SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:20:36.0412 3192 SstpSvc - ok

11:20:36.0532 3192 STacSV          (444109453a2b87e6c16bcda5953e81a9) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe

11:20:36.0540 3192 STacSV - ok

11:20:36.0560 3192 stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:20:36.0562 3192 stexstor - ok

11:20:36.0628 3192 STHDA           (02e784fa49032f84964db90a3ed81890) C:\Windows\system32\DRIVERS\stwrt64.sys

11:20:36.0642 3192 STHDA - ok

11:20:36.0719 3192 stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:20:36.0738 3192 stisvc - ok

11:20:36.0833 3192 stllssvr        (ff5eb78af7dfb68c2fb363537aaf753e) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

11:20:36.0836 3192 stllssvr - ok

11:20:36.0863 3192 swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:20:36.0864 3192 swenum - ok

11:20:36.0930 3192 swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:20:36.0945 3192 swprv - ok

11:20:37.0012 3192 SynTP           (639b57dc871be4b86283027faf1f4e30) C:\Windows\system32\DRIVERS\SynTP.sys

11:20:37.0027 3192 SynTP - ok

11:20:37.0199 3192 SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:20:37.0232 3192 SysMain - ok

11:20:37.0362 3192 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:20:37.0378 3192 TabletInputService - ok

11:20:37.0452 3192 tap0901         (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys

11:20:37.0454 3192 tap0901 - ok

11:20:37.0509 3192 TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:20:37.0515 3192 TapiSrv - ok

11:20:37.0537 3192 TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:20:37.0541 3192 TBS - ok

11:20:37.0724 3192 Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:20:37.0735 3192 Tcpip - ok

11:20:37.0994 3192 TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:20:38.0005 3192 TCPIP6 - ok

11:20:38.0099 3192 tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:20:38.0101 3192 tcpipreg - ok

11:20:38.0129 3192 TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:20:38.0130 3192 TDPIPE - ok

11:20:38.0167 3192 TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:20:38.0169 3192 TDTCP - ok

11:20:38.0218 3192 tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:20:38.0220 3192 tdx - ok

11:20:38.0259 3192 TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:20:38.0261 3192 TermDD - ok

11:20:38.0340 3192 TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:20:38.0349 3192 TermService - ok

11:20:38.0377 3192 Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:20:38.0381 3192 Themes - ok

11:20:38.0407 3192 THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:20:38.0409 3192 THREADORDER - ok

11:20:38.0438 3192 TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:20:38.0454 3192 TrkWks - ok

11:20:38.0516 3192 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:20:38.0526 3192 TrustedInstaller - ok

11:20:38.0563 3192 tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:20:38.0565 3192 tssecsrv - ok

11:20:38.0619 3192 TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:20:38.0621 3192 TsUsbFlt - ok

11:20:38.0680 3192 tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:20:38.0695 3192 tunnel - ok

11:20:38.0723 3192 uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:20:38.0725 3192 uagp35 - ok

11:20:38.0777 3192 udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:20:38.0790 3192 udfs - ok

11:20:38.0828 3192 UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:20:38.0832 3192 UI0Detect - ok

11:20:38.0886 3192 uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:20:38.0888 3192 uliagpkx - ok

11:20:38.0925 3192 umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:20:38.0927 3192 umbus - ok

11:20:38.0973 3192 UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:20:38.0974 3192 UmPass - ok

11:20:39.0012 3192 upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:20:39.0028 3192 upnphost - ok

11:20:39.0053 3192 USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

11:20:39.0055 3192 USBAAPL64 - ok

11:20:39.0114 3192 usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

11:20:39.0130 3192 usbaudio - ok

11:20:39.0168 3192 usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:20:39.0173 3192 usbccgp - ok

11:20:39.0214 3192 usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:20:39.0219 3192 usbcir - ok

11:20:39.0241 3192 usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:20:39.0243 3192 usbehci - ok

11:20:39.0282 3192 usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:20:39.0288 3192 usbhub - ok

11:20:39.0303 3192 usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:20:39.0305 3192 usbohci - ok

11:20:39.0350 3192 usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:20:39.0352 3192 usbprint - ok

11:20:39.0378 3192 usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

11:20:39.0380 3192 usbscan - ok

11:20:39.0396 3192 USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:20:39.0401 3192 USBSTOR - ok

11:20:39.0420 3192 usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:20:39.0421 3192 usbuhci - ok

11:20:39.0464 3192 usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

11:20:39.0475 3192 usbvideo - ok

11:20:39.0506 3192 UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:20:39.0510 3192 UxSms - ok

11:20:39.0556 3192 VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:20:39.0558 3192 VaultSvc - ok

11:20:39.0589 3192 vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:20:39.0590 3192 vdrvroot - ok

11:20:39.0661 3192 vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:20:39.0683 3192 vds - ok

11:20:39.0723 3192 vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:20:39.0725 3192 vga - ok

11:20:39.0731 3192 VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:20:39.0733 3192 VgaSave - ok

11:20:39.0780 3192 vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:20:39.0789 3192 vhdmp - ok

11:20:39.0806 3192 viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:20:39.0808 3192 viaide - ok

11:20:39.0844 3192 volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:20:39.0847 3192 volmgr - ok

11:20:39.0905 3192 volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:20:39.0917 3192 volmgrx - ok

11:20:39.0958 3192 volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:20:39.0982 3192 volsnap - ok

11:20:40.0017 3192 vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:20:40.0030 3192 vsmraid - ok

11:20:40.0182 3192 VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:20:40.0208 3192 VSS - ok

11:20:40.0321 3192 vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

11:20:40.0323 3192 vwifibus - ok

11:20:40.0353 3192 vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

11:20:40.0355 3192 vwififlt - ok

11:20:40.0378 3192 vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

11:20:44.0557 3192 ============================================================

11:20:44.0557 3192 Scan finished

11:20:44.0557 3192 ============================================================

11:20:44.0570 6292 Detected object count: 0

11:20:44.0570 6292 Actual detected object count: 0

11:21:04.0763 5004 Deinitialize success


I ran the programs in the safe mode but was unable to connect to the Internet to send the above logs. However after having run in safe mode, I was able to access McAfee in normal mode and so run from there. I am not quite sure if it has worked and am running the full Malwarebytes scan now.


Good afternoon Flyte. :)

That scan has come up clean. Is there anything else that I can do to ensure that the problem has been completely resolved? Many thanks.

Please do the following to cleanup some leftovers.

You also have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

Your logs also show that you have Conduit installed. This program has been known to exhibit suspicious behaviour and it is for this reason I recommend removing it (please see here for more information).

I see that you have a P2P (Peer-to-Peer) file sharing program installed (BitTorrent and Vuze). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but please realise that it's likely only a matter of time before you are infected again.

Please see here for our policy on P2P programs.

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following programs (if present):

  • AskBarDis
  • BitTorrent
  • BitTorrentBar2
  • Conduit
  • Conduit Motor
  • Conduit Search Engine
  • Vuze

Please restart your computer after these program removals.

==========

Next, please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    DDS::
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    File::
    c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe
    Folder::
    c:\users\Seb\AppData\Local\fxjagetq
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

===========

Finally, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========

Please provide the following in your reply:

  • ComboFix.txt.
  • checkup.txt.

Are there any remaining issues on your computer?


Thanks. I will read and do the above. I have in the meantime restarted my laptop and run a full scan. This shows that the problem is still there. Vendor is Hijack.Userinit. Category is Registry Data. Item is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit. Other is Bad(C:\Windows\system32\userinit.exe,,C:\Users\Seb\AppData\Local\fxjaqetq\nebmqedh.exe) Good: (userinit.exe).

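The detection reported in the post above (a second program appended to the Winlogon Userinit value) can be checked by hand. The following PowerShell is an added example, not part of the original thread; the function name Test-UserinitValue is hypothetical, and the sample string is the "Bad" value copied from the post as the poster typed it.

```powershell
# Added example: audit the Winlogon "Userinit" value for extra entries.
# Winlogon starts every comma-separated program listed in Userinit at logon,
# so anything besides the system's own userinit.exe deserves investigation.

function Test-UserinitValue {
    param(
        # Raw string stored in the Userinit value.
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value,
        # Windows directory of the system being examined.
        [string]$SystemRoot = $env:SystemRoot
    )

    $expected = '{0}\system32\userinit.exe' -f $SystemRoot.TrimEnd('\')

    # Split on commas, strip whitespace and quotes, drop empty fields
    # (a trailing comma after userinit.exe is normal).
    $fields = $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ }

    foreach ($field in $fields) {
        $path = [Environment]::ExpandEnvironmentVariables($field)

        # String -eq is case-insensitive in PowerShell. The bare file name is
        # accepted because the scanner in the thread lists "userinit.exe" as Good.
        $ok = ($path -eq $expected) -or ($path -eq 'userinit.exe')
        $status = 'UNEXPECTED'
        if ($ok) { $status = 'expected' }

        # Whether the referenced file is still on disk; a registry entry that
        # keeps coming back usually means something is still rewriting it.
        $exists = Test-Path -LiteralPath $path -PathType Leaf -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Entry  = $field
            Status = $status
            Exists = $exists
        }
    }
}

# Sample input: the value reported in the post above (not read from a live system).
$sample = 'C:\Windows\system32\userinit.exe,,C:\Users\Seb\AppData\Local\fxjaqetq\nebmqedh.exe'
Test-UserinitValue -Value $sample -SystemRoot 'C:\Windows' | Format-Table -AutoSize

# On a live Windows system, audit the real value as well.
if ($env:OS -eq 'Windows_NT') {
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
    Test-UserinitValue -Value $live | Format-Table -AutoSize
}
```

Any row marked UNEXPECTED is a logon persistence entry; removing the registry data alone is not enough if the file it points to still exists or another startup entry recreates it.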

ComboFix 12-08-10.02 - Seb 14/08/2012 14:53:52.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2664 [GMT 8:00]

Running from: c:\users\Seb\Desktop\ComboFix.exe

Command switches used :: c:\users\Seb\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Seb\AppData\Local\fxjagetq

c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe

c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe

c:\windows\SysWow64\DEBUG.log

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-10 20:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{991F70E0-FF6B-4E7A-B289-1B8CCCB0DB07}\mpengine.dll

2012-07-26 04:41 . 2012-07-26 04:41 -------- dc----w- c:\program files (x86)\BBC iPlayer Desktop

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-14_01.21.53 )))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Facebook Update"="c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

"NebMqedh"="c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"openvpn-gui"="c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2010-07-01 300032]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-06-22 476824]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"FAStartup"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184]

.

c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

Facebook Messenger.lnk - c:\users\Seb\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2011-04-23 14:17 147640 -c--a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:31]

.

2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job

- c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52]

.

2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job

- c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job

- c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job

- c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17]

.

2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bbc.co.uk/

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe

c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe

.

**************************************************************************

.

Completion time: 2012-08-14 15:06:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-14 07:06

ComboFix2.txt 2012-08-14 03:19

ComboFix3.txt 2012-08-14 02:57

ComboFix4.txt 2012-08-14 02:21

ComboFix5.txt 2012-08-14 06:53

.

Pre-Run: 16,424,374,272 bytes free

Post-Run: 16,425,177,088 bytes free

.

- - End Of File - - FD57B9099A76297F19B56FE36F864DF1


Results of screen317's Security Check version 0.99.43

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

McAfee Anti-Virus and Anti-Spyware

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 31

Java version out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Google Chrome 21.0.1180.75

Google Chrome 21.0.1180.77

Google Chrome VisualElementsManifest.xml..

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Hello Flyte75. :)

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    File::
    c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NebMqedh"=-
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

==========

Please run a new scan with MBAM and post its log in your reply.

==========

In your next post please provide ComboFix.txt and the log from MBAM. :)


Combo fix below. MBAM to follow in about one hour 20 mins. Scan takes quite a long time.

ComboFix 12-08-13.01 - Seb 14/08/2012 15:38:11.6.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2514 [GMT 8:00]

Running from: c:\users\Seb\Desktop\ComboFix.exe

Command switches used :: c:\users\Seb\Desktop\CFScript.txt

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\DEBUG.log

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-14 07:42 . 2012-08-14 07:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 20:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{991F70E0-FF6B-4E7A-B289-1B8CCCB0DB07}\mpengine.dll

2012-07-26 04:41 . 2012-07-26 04:41 -------- dc----w- c:\program files (x86)\BBC iPlayer Desktop

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 00:31 . 2012-05-18 07:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-04 00:31 . 2011-05-21 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 19:02 . 2010-03-22 11:26 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 05:46 . 2012-06-19 11:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-27 02:42 . 2012-06-27 02:43 4446520 ----a-w- c:\windows\uninst.exe

2012-06-22 06:49 . 2012-06-22 06:49 74703 ----a-w- c:\windows\SysWow64\mfc45.dll

2012-06-20 04:14 . 2010-04-14 05:22 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2012-06-20 03:48 . 2010-05-19 16:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2012-06-19 05:20 . 2010-05-02 22:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2012-06-19 04:39 . 2010-05-20 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2012-06-12 03:08 . 2012-07-11 19:07 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 04:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 04:53 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 04:52 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 04:47 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 04:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 04:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 04:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-05 03:32 . 2010-04-14 05:13 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-06-02 22:19 . 2012-06-22 02:35 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 02:35 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 12:49 . 2012-07-11 19:01 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-11 19:01 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-11 19:01 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-11 19:01 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-11 19:01 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-11 19:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-11 19:01 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-11 19:01 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-11 19:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-11 19:01 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-11 19:01 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-11 19:01 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-11 19:01 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-11 19:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-11 19:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-11 19:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-11 19:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 07:19 . 2012-06-22 02:34 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 07:15 . 2012-06-22 02:34 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:50 . 2012-07-11 04:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 04:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 04:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 04:52 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 04:52 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 04:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 04:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 04:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 04:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 04:25 . 2011-05-15 02:15 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-29 18:04 . 2010-05-01 21:43 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-14_01.21.53 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-03-03 03:13 . 2012-08-14 07:46 85176 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-14 07:46 34094 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-03-11 06:50 . 2012-08-14 07:46 20522 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1064479489-466832259-691007306-1000_UserData.bin

+ 2010-03-10 18:05 . 2012-08-14 06:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-03-10 18:05 . 2012-08-14 06:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-13 15:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-14 06:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-14 07:43 . 2012-08-14 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-14 07:43 . 2012-08-14 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-08-14 01:04 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-14 07:42 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-07-07 00:14 . 2012-08-14 07:42 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat

- 2011-07-07 00:14 . 2012-08-14 01:04 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"Facebook Update"="c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"openvpn-gui"="c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2010-07-01 300032]

"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-06-22 476824]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"FAStartup"="" [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184]

.

c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

Facebook Messenger.lnk - c:\users\Seb\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2011-04-23 14:17 147640 -c--a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912]

R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:31]

.

2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job

- c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52]

.

2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job

- c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job

- c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job

- c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17]

.

2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job

- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.bbc.co.uk/

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1 192.168.1.1

DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab

DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab

DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]

"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\ExpressFiles\EFupdater.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe

c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe

.

**************************************************************************

.

Completion time: 2012-08-14 15:51:41 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-14 07:51

ComboFix2.txt 2012-08-14 07:06

ComboFix3.txt 2012-08-14 03:19

ComboFix4.txt 2012-08-14 02:57

ComboFix5.txt 2012-08-14 07:36

.

Pre-Run: 16,303,022,080 bytes free

Post-Run: 16,302,739,456 bytes free

.

- - End Of File - - 3510AC9A7DD806E1F25D2A27ADE27053


And the MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.12.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Seb :: SEB-PC [administrator]

14/08/2012 16:02:27

mbam-log-2012-08-14 (16-02-27).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 351497

Time elapsed: 52 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Good evening Flyte75. :)

MBAM looks clean.

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

============

In your reply please provide log.txt, with a description of any current issues on your computer. :)


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=88d6f9ab4e561b45995ea47d426dc8c8

# end=stopped

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-14 09:49:48

# local_time=2012-08-14 05:49:48 (+0800, Ulaanbaatar Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5121 16777213 100 75 4892907 10184456 0 0

# compatibility_mode=5893 16776573 100 94 0 96567210 0 0

# compatibility_mode=8192 67108863 100 0 234 234 0 0

# scanned=13148

# found=8

# cleaned=0

# scan_time=427

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEIPlug.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEZSETP.dll Win32/Toolbar.MyWebSearch.Q application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\NP3kEISb.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=88d6f9ab4e561b45995ea47d426dc8c8

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-14 10:44:11

# local_time=2012-08-14 06:44:11 (+0800, Ulaanbaatar Standard Time)

# country="United Kingdom"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5121 16777213 100 75 4893557 10185106 0 0

# compatibility_mode=5893 16776573 100 94 0 96567860 0 0

# compatibility_mode=8192 67108863 100 0 884 884 0 0

# scanned=180127

# found=6

# cleaned=0

# scan_time=3040

C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEIPlug.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEZSETP.dll Win32/Toolbar.MyWebSearch.Q application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\NP3kEISb.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

C:\Program Files (x86)\ExpressFiles\uninstall.exe a variant of Win32/ExpressFiles application (unable to clean) 00000000000000000000000000000000 I

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I

C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I


Good evening Flyte75. :)

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):

  • Babylon
  • Babylon Toolbar
  • CrazyForCricket
  • CrazyForCricket_3kEI
  • Tarma
  • Tarma Installer
  • Yontoo Layers

Then, please navigate to these entries and delete them (if present):

C:\Program Files (x86)\BabylonToolbar

C:\Program Files (x86)\CrazyForCricket_3kEI

C:\ProgramData\Tarma Installer

==========

Once you have done the above, please go to the following link to uninstall Internet Explorer 9:

http://windows.micro...rnet-explorer-9

After it has uninstalled, please see if the issue is present in Internet Explorer 8.

==========

Does the issue remain with IE? Are there any other issues on your computer?


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.