
D-Fred-Brown can you look at this log and see if you see anything?



Yesterday morning an employee's laptop booted up but would not start any programs. They tried to reboot the computer and this time it would not boot up. My boss had me run ComboFix and TDSSKiller. I also ran the DDS log tool when I was done. Later, while looking over the log file, I ran across a couple of files I have concerns about. I flagged the files I am concerned about. Let me know what you think.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16483

Run by *** at 9:10:12 on 2013-06-10

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7974.5651 [GMT -4:00]

.

AV: Kaspersky Endpoint Security 10 for Windows *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Endpoint Security 10 for Windows *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Endpoint Security 10 for Windows *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\windows\system32\nvvsvc.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\WUDFHost.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\WUDFHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\System32\rundll32.exe

C:\windows\system32\Dwm.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\PrintIsolationHost.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Microsoft Device Center\itype.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

C:\windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\x64\wmi64.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe

C:\Program Files\Samsung\S Agent\CommonAgent.exe

C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mStart Page = hxxp://samsung.msn.com

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab

TCP: NameServer = 192.168.16.101

TCP: Interfaces\{07FC8C6C-69DC-468D-988E-1F8BA2034A16}\945435750514 : DHCPNameServer = 192.168.16.101

TCP: Interfaces\{07FC8C6C-69DC-468D-988E-1F8BA2034A16}\E456470434163716 : DHCPNameServer = 24.159.64.23 24.217.201.67 24.177.176.38

TCP: Interfaces\{6DB2BF02-3910-4BF4-B9B8-E566BF31D6F6} : DHCPNameServer = 192.168.16.101

TCP: Interfaces\{BB9E29BB-F069-445B-B646-7A2F02928075} : DHCPNameServer = 192.168.16.101

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;C:\windows\System32\drivers\dlkmdldr.sys [2012-8-21 15184]

R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-4-26 80688]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-31 16152]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]

R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-4-26 23344]

R1 KLFLTDEV;Kaspersky Lab KLFltDev;C:\windows\System32\drivers\klfltdev.sys [2012-9-13 32088]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2012-11-23 28504]

R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2012-11-22 54104]

R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2012-11-16 178008]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-4-26 13824]

R2 avp;Kaspersky Endpoint Security Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe -r [?]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-12-13 8448944]

R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-23 79664]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-4-26 128280]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-4-26 161560]

R2 klnagent;Kaspersky Lab Network Agent;C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [2013-1-22 127632]

R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-4-26 31624]

R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]

R2 SWUpdateService;SW Update Service;C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2012-12-27 2879176]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-7 594704]

R3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2010-11-21 9728]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-12-13 94720]

R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-12-13 747008]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-8-17 31216]

R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\windows\System32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys [2012-8-21 17408]

R3 dlcdcecm;dlcdcecm;C:\windows\System32\drivers\dlcdcecm.sys [2011-12-13 38400]

R3 dlkmd;dlkmd;C:\windows\System32\drivers\dlkmd.sys [2012-8-21 308560]

R3 dlusbaudio;dlusbaudio;C:\windows\System32\drivers\dlusbaudio_x64.sys [2011-12-13 185464]

R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-5-9 280912]

R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-6 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-31 355096]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-31 786200]

R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496]

R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-12-20 42392]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-4 659968]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SamsungAllShareV2.0;Samsung AllShare PC;C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [2012-1-19 25504]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-4-26 363800]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584]

S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-7 273168]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]

S3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-4-26 648808]

S3 Samsung UPD Service2;Samsung UPD Service2;C:\windows\System32\SUPDSvc2.exe [2011-12-2 165456]

S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\windows\System32\drivers\silabenm.sys [2007-11-2 23040]

S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;C:\windows\System32\drivers\silabser.sys [2007-11-2 69120]

S3 SimpleSlideShowServer;SimpleSlideShowServer;C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [2012-1-19 27584]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2012-4-26 27648]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-10-24 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-10 1255736]

.

=============== Created Last 30 ================

.

2013-06-10 13:09:23 -------- d-sh--w- C:\$RECYCLE.BIN

2013-06-10 12:40:34 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1228E306-2E49-4A74-B037-3B48CFF219E2}\offreg.dll

2013-06-10 12:32:20 98816 ----a-w- C:\windows\sed.exe

2013-06-10 12:32:20 256000 ----a-w- C:\windows\PEV.exe

2013-06-10 12:32:20 208896 ----a-w- C:\windows\MBR.exe

2013-06-07 12:05:53 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1228E306-2E49-4A74-B037-3B48CFF219E2}\mpengine.dll

2013-05-20 12:26:43 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-05-20 12:26:28 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-05-17 15:01:41 539984 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-05-15 13:06:30 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

2013-05-15 13:06:30 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-05-15 13:06:30 144384 ----a-w- C:\windows\System32\cdd.dll

2013-05-15 13:05:24 111448 ----a-w- C:\windows\System32\consent.exe

2013-05-15 13:05:21 70144 ----a-w- C:\windows\System32\appinfo.dll

2013-05-15 13:05:20 1930752 ----a-w- C:\windows\System32\authui.dll

2013-05-15 13:05:20 1796096 ----a-w- C:\windows\SysWow64\authui.dll

2013-05-15 13:05:08 48640 ----a-w- C:\windows\System32\wwanprotdim.dll

2013-05-15 13:05:08 230400 ----a-w- C:\windows\System32\wwansvc.dll

2013-05-15 13:04:52 3153920 ----a-w- C:\windows\System32\win32k.sys

2013-05-15 13:01:18 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-05-15 13:01:18 2382848 ----a-w- C:\windows\System32\mshtml.tlb

.

==================== Find3M ====================

.

2013-05-02 06:06:08 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\windows\SysWow64\vbscript.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

.

============= FINISH: 9:11:38.86 ===============


Sure thing :).

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt.

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly".

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB
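
The TDSSKiller log requested in Step 1 runs to hundreds of lines, so it helps to triage it mechanically. The Python below is an added example, not part of the original post and not code from TDSSKiller: it pairs each `[ MD5 ] name path` line in the "Scan services" section with its verdict line and lists services whose verdict is not `ok`, services that got a verdict with no hash line (as `avp` does in the log posted in this thread), and binaries outside the usual system directories. The line layout is taken from that log; the sample lines, the placeholder hashes, the `examplesvc` entry and its non-ok wording are constructed, and a `C:` system drive is assumed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every log line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
SECTION_RE = re.compile(PREFIX + r"=+ Scan (.+?) =+$")
HASH_RE = re.compile(PREFIX + r"\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.+)$")
VERDICT_RE = re.compile(PREFIX + r"(.+?) - (.+)$")

# Assumption: the system drive is C:, as in the log posted in this thread.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str]   # None when no "[ MD5 ] name path" line preceded the verdict
    path: Optional[str]


def parse_services(log_text: str) -> List[Entry]:
    """Pair each hash line in the 'Scan services' section with its verdict line."""
    entries: List[Entry] = []
    pending: Dict[str, tuple] = {}   # name -> (md5, path) still waiting for a verdict
    in_services = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has a blank line between log lines
        section = SECTION_RE.match(line)
        if section:
            in_services = section.group(1) == "services"
            continue
        if not in_services:
            continue
        hashed = HASH_RE.match(line)
        if hashed:
            md5, name, path = hashed.groups()
            pending[name] = (md5.upper(), path)
            continue
        verdict = VERDICT_RE.match(line)
        if verdict:
            name, result = verdict.group(1).strip(), verdict.group(2).strip()
            if name not in pending:
                # The left side may carry extra detail after the service name.
                name = next((k for k in pending if name.startswith(k + " ")), name)
            md5, path = pending.pop(name, (None, None))
            entries.append(Entry(name, result, md5, path))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return the service names an analyst should look at first."""
    return {
        "non_ok": [e.name for e in entries if e.verdict.lower() != "ok"],
        "no_hash": [e.name for e in entries if e.md5 is None],
        "unusual_path": [
            e.name for e in entries
            if e.path and not e.path.lower().startswith(EXPECTED_ROOTS)
        ],
    }


# Constructed sample in the layout of the thread's log; hashes are placeholders.
SAMPLE_LOG = r"""
16:57:02.0784 2280 ================ Scan system memory ========================
16:57:02.0784 2280 System memory - ok
16:57:02.0784 2280 ================ Scan services =============================
16:57:03.0018 2280 [ 00000000000000000000000000000001 ] ACPI C:\windows\system32\drivers\ACPI.sys
16:57:03.0034 2280 ACPI - ok
16:57:04.0204 2280 [ 00000000000000000000000000000002 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:57:04.0219 2280 Apple Mobile Device - ok
16:57:04.0625 2280 avp - ok
16:57:05.0000 2280 [ 00000000000000000000000000000003 ] examplesvc C:\Users\Public\examplesvc.sys
16:57:05.0010 2280 examplesvc ( constructed-verdict-detail ) - warning
"""

if __name__ == "__main__":
    for bucket, names in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{bucket}: {names}")
```

An empty `non_ok` list only means the scanner raised nothing in the services section; the remaining sections of the log still need reading.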


Here is the first log file D-Fred-Brown:

TDSSKiller Log File

============================================================

16:56:57.0464 7076 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

16:56:57.0901 7076 ============================================================

16:56:57.0901 7076 Current date / time: 2013/06/11 16:56:57.0901

16:56:57.0901 7076 SystemInfo:

16:56:57.0901 7076

16:56:57.0901 7076 OS Version: 6.1.7601 ServicePack: 1.0

16:56:57.0901 7076 Product type: Workstation

16:56:57.0901 7076 ComputerName: TIM-LAPTOP

16:56:57.0901 7076 UserName: tim

16:56:57.0901 7076 Windows directory: C:\windows

16:56:57.0901 7076 System windows directory: C:\windows

16:56:57.0901 7076 Running under WOW64

16:56:57.0901 7076 Processor architecture: Intel x64

16:56:57.0901 7076 Number of processors: 8

16:56:57.0901 7076 Page size: 0x1000

16:56:57.0901 7076 Boot type: Normal boot

16:56:57.0901 7076 ============================================================

16:56:58.0432 7076 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

16:56:58.0432 7076 Drive \Device\Harddisk1\DR1 - Size: 0x1DD936000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CA5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x10, Type 'K0', Flags 0x00000040

16:56:58.0447 7076 Drive \Device\Harddisk2\DR3 - Size: 0x775F8000 (1.87 Gb), SectorSize: 0x200, Cylinders: 0xF3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

16:56:58.0447 7076 ============================================================

16:56:58.0447 7076 \Device\Harddisk0\DR0:

16:56:58.0447 7076 MBR partitions:

16:56:58.0447 7076 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

16:56:58.0447 7076 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x5465E800

16:56:58.0447 7076 \Device\Harddisk1\DR1:

16:56:58.0447 7076 MBR partitions:

16:56:58.0447 7076 \Device\Harddisk2\DR3:

16:56:58.0447 7076 MBR partitions:

16:56:58.0447 7076 \Device\Harddisk2\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3BAD41

16:56:58.0447 7076 ============================================================

16:56:58.0494 7076 C: <-> \Device\Harddisk0\DR0\Partition2

16:56:58.0494 7076 ============================================================

16:56:58.0494 7076 Initialize success

16:56:58.0494 7076 ============================================================

16:57:02.0113 2280 ============================================================

16:57:02.0113 2280 Scan started

16:57:02.0113 2280 Mode: Manual;

16:57:02.0113 2280 ============================================================

16:57:02.0784 2280 ================ Scan system memory ========================

16:57:02.0784 2280 System memory - ok

16:57:02.0784 2280 ================ Scan services =============================

16:57:02.0987 2280 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys

16:57:03.0003 2280 1394ohci - ok

16:57:03.0018 2280 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys

16:57:03.0034 2280 ACPI - ok

16:57:03.0112 2280 [ 12C5274CD87449A2A37A607CDB321922 ] acpials C:\windows\system32\DRIVERS\acpials.sys

16:57:03.0112 2280 acpials - ok

16:57:03.0159 2280 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys

16:57:03.0159 2280 AcpiPmi - ok

16:57:03.0330 2280 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

16:57:03.0377 2280 AdobeARMservice - ok

16:57:03.0424 2280 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys

16:57:03.0455 2280 adp94xx - ok

16:57:03.0471 2280 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys

16:57:03.0486 2280 adpahci - ok

16:57:03.0502 2280 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys

16:57:03.0517 2280 adpu320 - ok

16:57:03.0517 2280 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll

16:57:03.0517 2280 AeLookupSvc - ok

16:57:03.0564 2280 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys

16:57:03.0564 2280 AFD - ok

16:57:03.0580 2280 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys

16:57:03.0595 2280 agp440 - ok

16:57:03.0611 2280 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe

16:57:03.0627 2280 ALG - ok

16:57:03.0642 2280 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys

16:57:03.0658 2280 aliide - ok

16:57:03.0658 2280 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys

16:57:03.0673 2280 amdide - ok

16:57:03.0689 2280 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys

16:57:03.0689 2280 AmdK8 - ok

16:57:03.0705 2280 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys

16:57:03.0705 2280 AmdPPM - ok

16:57:03.0736 2280 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys

16:57:03.0736 2280 amdsata - ok

16:57:03.0767 2280 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys

16:57:03.0767 2280 amdsbs - ok

16:57:03.0783 2280 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys

16:57:03.0783 2280 amdxata - ok

16:57:03.0845 2280 [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPAL C:\windows\system32\DRIVERS\AMPPAL.sys

16:57:03.0845 2280 AMPPAL - ok

16:57:03.0845 2280 [ 449D90F1FB6402773C2F1ECCEAE15F74 ] AMPPALP C:\windows\system32\DRIVERS\amppal.sys

16:57:03.0845 2280 AMPPALP - ok

16:57:04.0017 2280 [ AB6E5B9333101E414D8F04BC570064F1 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

16:57:04.0032 2280 AMPPALR3 - ok

16:57:04.0079 2280 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys

16:57:04.0095 2280 AppID - ok

16:57:04.0110 2280 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll

16:57:04.0126 2280 AppIDSvc - ok

16:57:04.0141 2280 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll

16:57:04.0141 2280 Appinfo - ok

16:57:04.0204 2280 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

16:57:04.0219 2280 Apple Mobile Device - ok

16:57:04.0235 2280 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\windows\System32\appmgmts.dll

16:57:04.0251 2280 AppMgmt - ok

16:57:04.0297 2280 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys

16:57:04.0313 2280 arc - ok

16:57:04.0329 2280 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys

16:57:04.0329 2280 arcsas - ok

16:57:04.0407 2280 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

16:57:04.0422 2280 aspnet_state - ok

16:57:04.0453 2280 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys

16:57:04.0469 2280 AsyncMac - ok

16:57:04.0500 2280 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys

16:57:04.0500 2280 atapi - ok

16:57:04.0531 2280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

16:57:04.0547 2280 AudioEndpointBuilder - ok

16:57:04.0563 2280 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll

16:57:04.0578 2280 AudioSrv - ok

16:57:04.0625 2280 avp - ok

16:57:04.0672 2280 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll

16:57:04.0687 2280 AxInstSV - ok

16:57:04.0750 2280 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys

16:57:04.0750 2280 b06bdrv - ok

16:57:04.0781 2280 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys

16:57:04.0781 2280 b57nd60a - ok

16:57:04.0812 2280 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll

16:57:04.0828 2280 BDESVC - ok

16:57:04.0843 2280 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys

16:57:04.0859 2280 Beep - ok

16:57:04.0875 2280 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll

16:57:04.0921 2280 BFE - ok

16:57:04.0937 2280 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll

16:57:04.0937 2280 BITS - ok

16:57:04.0953 2280 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys

16:57:04.0953 2280 blbdrive - ok

16:57:05.0046 2280 [ 05981C3E51D827ED6B8101A54B05E392 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

16:57:05.0327 2280 Bluetooth Device Monitor - ok

16:57:05.0358 2280 [ BBFAF63BF768047FE2441B4139E803E3 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

16:57:05.0748 2280 Bluetooth Media Service - ok

16:57:05.0811 2280 [ 41D8F56E6BBE0111244D87BE2FA90374 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

16:57:06.0107 2280 Bluetooth OBEX Service - ok

16:57:06.0169 2280 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

16:57:06.0201 2280 Bonjour Service - ok

16:57:06.0216 2280 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys

16:57:06.0216 2280 bowser - ok

16:57:06.0247 2280 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys

16:57:06.0247 2280 BrFiltLo - ok

16:57:06.0263 2280 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys

16:57:06.0263 2280 BrFiltUp - ok

16:57:06.0294 2280 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys

16:57:06.0310 2280 BridgeMP - ok

16:57:06.0341 2280 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll

16:57:06.0357 2280 Browser - ok

16:57:06.0372 2280 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys

16:57:06.0388 2280 Brserid - ok

16:57:06.0403 2280 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys

16:57:06.0419 2280 BrSerWdm - ok

16:57:06.0435 2280 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys

16:57:06.0450 2280 BrUsbMdm - ok

16:57:06.0466 2280 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys

16:57:06.0466 2280 BrUsbSer - ok

16:57:06.0481 2280 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys

16:57:06.0497 2280 BthEnum - ok

16:57:06.0513 2280 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys

16:57:06.0528 2280 BTHMODEM - ok

16:57:06.0544 2280 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys

16:57:06.0559 2280 BthPan - ok

16:57:06.0575 2280 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys

16:57:06.0606 2280 BTHPORT - ok

16:57:06.0637 2280 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll

16:57:06.0637 2280 bthserv - ok

16:57:06.0669 2280 [ 588762F716C2B7A2054AFBC3D58E5C21 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

16:57:06.0684 2280 BTHSSecurityMgr - ok

16:57:06.0700 2280 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys

16:57:06.0715 2280 BTHUSB - ok

16:57:06.0731 2280 [ 988CC6CC49303665D3B2435C51505C3F ] btmaux C:\windows\system32\DRIVERS\btmaux.sys

16:57:06.0747 2280 btmaux - ok

16:57:06.0778 2280 [ 2B4B508AFAC2A563931AF1FE875A5B16 ] btmhsf C:\windows\system32\DRIVERS\btmhsf.sys

16:57:06.0793 2280 btmhsf - ok

16:57:06.0793 2280 catchme - ok

16:57:06.0825 2280 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys

16:57:06.0840 2280 cdfs - ok

16:57:06.0872 2280 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys

16:57:06.0887 2280 cdrom - ok

16:57:06.0918 2280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll

16:57:06.0934 2280 CertPropSvc - ok

16:57:06.0950 2280 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys

16:57:06.0965 2280 circlass - ok

16:57:06.0981 2280 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys

16:57:06.0981 2280 CLFS - ok

16:57:07.0028 2280 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:57:07.0074 2280 clr_optimization_v2.0.50727_32 - ok

16:57:07.0106 2280 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:57:07.0106 2280 clr_optimization_v2.0.50727_64 - ok

16:57:07.0152 2280 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:57:07.0184 2280 clr_optimization_v4.0.30319_32 - ok

16:57:07.0184 2280 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:57:07.0199 2280 clr_optimization_v4.0.30319_64 - ok

16:57:07.0230 2280 [ E13A438F9E51DD034730678E33B73290 ] clwvd C:\windows\system32\DRIVERS\clwvd.sys

16:57:07.0246 2280 clwvd - ok

16:57:07.0262 2280 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys

16:57:07.0277 2280 CmBatt - ok

16:57:07.0293 2280 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys

16:57:07.0308 2280 cmdide - ok

16:57:07.0340 2280 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys

16:57:07.0355 2280 CNG - ok

16:57:07.0355 2280 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys

16:57:07.0355 2280 Compbatt - ok

16:57:07.0371 2280 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys

16:57:07.0386 2280 CompositeBus - ok

16:57:07.0386 2280 COMSysApp - ok

16:57:07.0449 2280 [ 4928D99A96895EF905FDFC6274B08B8D ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe

16:57:07.0511 2280 cphs - ok

16:57:07.0527 2280 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys

16:57:07.0542 2280 crcdisk - ok

16:57:07.0574 2280 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll

16:57:07.0589 2280 CryptSvc - ok

16:57:07.0605 2280 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys

16:57:07.0636 2280 CSC - ok

16:57:07.0652 2280 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll

16:57:07.0652 2280 CscService - ok

16:57:07.0698 2280 [ C7259495924D21F1AFA26467D9F4DAE0 ] dc3d C:\windows\system32\DRIVERS\dc3d.sys

16:57:07.0698 2280 dc3d - ok

16:57:07.0730 2280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll

16:57:07.0730 2280 DcomLaunch - ok

16:57:07.0761 2280 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll

16:57:07.0761 2280 defragsvc - ok

16:57:07.0792 2280 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys

16:57:07.0792 2280 DfsC - ok

16:57:07.0792 2280 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll

16:57:07.0823 2280 Dhcp - ok

16:57:07.0839 2280 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys

16:57:07.0839 2280 discache - ok

16:57:07.0870 2280 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys

16:57:07.0870 2280 Disk - ok

16:57:08.0026 2280 [ 26068C33767D467A27C7F609040C3435 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

16:57:08.0151 2280 DisplayLinkService - ok

16:57:08.0182 2280 [ CDE8B5BD143F5717B359801D49CFF706 ] DisplayLinkUsbPort C:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys

16:57:08.0182 2280 DisplayLinkUsbPort - ok

16:57:08.0198 2280 [ C84DFC6832AA675483D02BC62953C0C7 ] dlcdcecm C:\windows\system32\DRIVERS\dlcdcecm.sys

16:57:08.0213 2280 dlcdcecm - ok

16:57:08.0244 2280 [ 08BDDD5509E9DFBF283BC2681C7DAB2F ] dlkmd C:\windows\system32\drivers\dlkmd.sys

16:57:08.0260 2280 dlkmd - ok

16:57:08.0291 2280 [ 057B164A75B242CC455EDCF41429C9A6 ] dlkmdldr C:\windows\system32\drivers\dlkmdldr.sys

16:57:08.0291 2280 dlkmdldr - ok

16:57:08.0307 2280 [ CB991809348BC15FE5218CC4EE9066D5 ] dlusbaudio C:\windows\system32\DRIVERS\dlusbaudio_x64.sys

16:57:08.0322 2280 dlusbaudio - ok

16:57:08.0338 2280 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\windows\system32\drivers\dmvsc.sys

16:57:08.0354 2280 dmvsc - ok

16:57:08.0385 2280 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\windows\system32\DRIVERS\dne64x.sys

16:57:08.0400 2280 DNE - ok

16:57:08.0416 2280 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll

16:57:08.0432 2280 Dnscache - ok

16:57:08.0463 2280 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll

16:57:08.0478 2280 dot3svc - ok

16:57:08.0494 2280 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll

16:57:08.0510 2280 DPS - ok

16:57:08.0525 2280 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys

16:57:08.0541 2280 drmkaud - ok

16:57:08.0572 2280 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys

16:57:08.0603 2280 DXGKrnl - ok

16:57:08.0603 2280 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll

16:57:08.0619 2280 EapHost - ok

16:57:08.0666 2280 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys

16:57:08.0712 2280 ebdrv - ok

16:57:08.0728 2280 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe

16:57:08.0728 2280 EFS - ok

16:57:08.0775 2280 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe

16:57:08.0790 2280 ehRecvr - ok

16:57:08.0790 2280 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe

16:57:08.0790 2280 ehSched - ok

16:57:08.0837 2280 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys

16:57:08.0853 2280 elxstor - ok

16:57:08.0868 2280 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys

16:57:08.0868 2280 ErrDev - ok

16:57:08.0900 2280 [ F9B5EFCE2A856BBA9DA2A28252180036 ] ETD C:\windows\system32\DRIVERS\ETD.sys

16:57:08.0915 2280 ETD - ok

16:57:08.0946 2280 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll

16:57:08.0946 2280 EventSystem - ok

16:57:09.0009 2280 [ 64D25284A4E9D11CA0722AF3F30FD970 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

16:57:09.0024 2280 EvtEng - ok

16:57:09.0056 2280 [ F5EDAE6D881BEC339AB53020082F6C61 ] excfs C:\windows\system32\DRIVERS\excfs.sys

16:57:09.0056 2280 excfs - ok

16:57:09.0071 2280 [ 01F4DE24BF8ADB020F2515B69A6255E7 ] excsd C:\windows\system32\DRIVERS\excsd.sys

16:57:09.0071 2280 excsd - ok

16:57:09.0087 2280 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys

16:57:09.0118 2280 exfat - ok

16:57:09.0134 2280 [ 76BCB62E9BF82AF629B70A6553BF7428 ] ExpressCache C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

16:57:09.0134 2280 ExpressCache - ok

16:57:09.0149 2280 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys

16:57:09.0165 2280 fastfat - ok

16:57:09.0212 2280 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe

16:57:09.0243 2280 Fax - ok

16:57:09.0290 2280 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys

16:57:09.0305 2280 fdc - ok

16:57:09.0321 2280 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll

16:57:09.0336 2280 fdPHost - ok

16:57:09.0336 2280 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll

16:57:09.0352 2280 FDResPub - ok

16:57:09.0368 2280 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys

16:57:09.0368 2280 FileInfo - ok

16:57:09.0383 2280 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys

16:57:09.0383 2280 Filetrace - ok

16:57:09.0414 2280 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys

16:57:09.0414 2280 flpydisk - ok

16:57:09.0430 2280 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys

16:57:09.0446 2280 FltMgr - ok

16:57:09.0461 2280 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll

16:57:09.0492 2280 FontCache - ok

16:57:09.0524 2280 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:57:09.0539 2280 FontCache3.0.0.0 - ok

16:57:09.0555 2280 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys

16:57:09.0555 2280 FsDepends - ok

16:57:09.0586 2280 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys

16:57:09.0586 2280 Fs_Rec - ok

16:57:09.0617 2280 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys

16:57:09.0617 2280 fvevol - ok

16:57:09.0648 2280 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys

16:57:09.0664 2280 gagp30kx - ok

16:57:09.0695 2280 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys

16:57:09.0711 2280 GEARAspiWDM - ok

16:57:09.0758 2280 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll

16:57:09.0758 2280 gpsvc - ok

16:57:09.0789 2280 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys

16:57:09.0804 2280 hcw85cir - ok

16:57:09.0836 2280 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

16:57:09.0851 2280 HdAudAddService - ok

16:57:09.0882 2280 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys

16:57:09.0898 2280 HDAudBus - ok

16:57:09.0914 2280 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys

16:57:09.0929 2280 HidBatt - ok

16:57:09.0945 2280 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys

16:57:09.0960 2280 HidBth - ok

16:57:09.0992 2280 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys

16:57:10.0007 2280 HidIr - ok

16:57:10.0023 2280 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll

16:57:10.0038 2280 hidserv - ok

16:57:10.0054 2280 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys

16:57:10.0054 2280 HidUsb - ok

16:57:10.0070 2280 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll

16:57:10.0085 2280 hkmsvc - ok

16:57:10.0085 2280 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

16:57:10.0101 2280 HomeGroupListener - ok

16:57:10.0116 2280 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

16:57:10.0116 2280 HomeGroupProvider - ok

16:57:10.0132 2280 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys

16:57:10.0148 2280 HpSAMD - ok

16:57:10.0163 2280 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys

16:57:10.0163 2280 HTTP - ok

16:57:10.0179 2280 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys

16:57:10.0179 2280 hwpolicy - ok

16:57:10.0179 2280 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys

16:57:10.0194 2280 i8042prt - ok

16:57:10.0210 2280 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys

16:57:10.0210 2280 iaStor - ok

16:57:10.0241 2280 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys

16:57:10.0241 2280 iaStorV - ok

16:57:10.0257 2280 [ 9E3D44CE737388F6BBBB6DD4A1C1847C ] ibtfltcoex C:\windows\system32\DRIVERS\iBtFltCoex.sys

16:57:10.0272 2280 ibtfltcoex - ok

16:57:10.0319 2280 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:57:10.0350 2280 idsvc - ok

16:57:10.0569 2280 [ 3FB253E8059A1AAC3A8B83A31D094CC5 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys

16:57:10.0756 2280 igfx - ok

16:57:10.0787 2280 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys

16:57:10.0787 2280 iirsp - ok

16:57:10.0803 2280 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll

16:57:10.0834 2280 IKEEXT - ok

16:57:10.0850 2280 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\windows\system32\drivers\intelaud.sys

16:57:10.0865 2280 intaud_WaveExtensible - ok

16:57:10.0943 2280 [ 8524178B895E4BC04776B319DA3A70EC ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

16:57:10.0974 2280 IntcAzAudAddService - ok

16:57:11.0006 2280 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys

16:57:11.0006 2280 IntcDAud - ok

16:57:11.0052 2280 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

16:57:11.0084 2280 Intel® Capability Licensing Service Interface - ok

16:57:11.0130 2280 [ 9571D8BDB56EBC52280E8020574508E6 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

16:57:11.0177 2280 Intel® ME Service - ok

16:57:11.0193 2280 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys

16:57:11.0208 2280 intelide - ok

16:57:11.0255 2280 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys

16:57:11.0271 2280 intelppm - ok

16:57:11.0302 2280 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll

16:57:11.0318 2280 IPBusEnum - ok

16:57:11.0333 2280 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys

16:57:11.0349 2280 IpFilterDriver - ok

16:57:11.0380 2280 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll

16:57:11.0380 2280 iphlpsvc - ok

16:57:11.0396 2280 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys

16:57:11.0411 2280 IPMIDRV - ok

16:57:11.0427 2280 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys

16:57:11.0442 2280 IPNAT - ok

16:57:11.0474 2280 [ B474C756C13960793C7583B766F904C4 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

16:57:11.0505 2280 iPod Service - ok

16:57:11.0520 2280 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys

16:57:11.0520 2280 IRENUM - ok

16:57:11.0552 2280 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys

16:57:11.0552 2280 isapnp - ok

16:57:11.0567 2280 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys

16:57:11.0583 2280 iScsiPrt - ok

16:57:11.0598 2280 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys

16:57:11.0598 2280 iusb3hcs - ok

16:57:11.0614 2280 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys

16:57:11.0630 2280 iusb3hub - ok

16:57:11.0645 2280 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys

16:57:11.0676 2280 iusb3xhc - ok

16:57:11.0692 2280 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\windows\system32\DRIVERS\iwdbus.sys

16:57:11.0692 2280 iwdbus - ok

16:57:11.0723 2280 [ DBD76BC1D498FE368F2C8CB76C3E00A4 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

16:57:11.0786 2280 jhi_service - ok

16:57:11.0801 2280 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys

16:57:11.0801 2280 kbdclass - ok

16:57:11.0832 2280 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys

16:57:11.0832 2280 kbdhid - ok

16:57:11.0848 2280 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe

16:57:11.0864 2280 KeyIso - ok

16:57:11.0895 2280 [ 8B5219318DF5895ABD230C373F2DF18A ] KL1 C:\windows\system32\DRIVERS\kl1.sys

16:57:11.0910 2280 KL1 - ok

16:57:11.0926 2280 [ 73A82E89C9F52B8B3B0D40F28976A110 ] KLFLTDEV C:\windows\system32\DRIVERS\klfltdev.sys

16:57:11.0926 2280 KLFLTDEV - ok

16:57:11.0942 2280 [ 8C6A7FFCF235E03DF09CB66A909F80DD ] KLIF C:\windows\system32\DRIVERS\klif.sys

16:57:11.0957 2280 KLIF - ok

16:57:11.0988 2280 [ F360C8591E1C0DA4BF6F07E1026E3D76 ] KLIM6 C:\windows\system32\DRIVERS\klim6.sys

16:57:12.0004 2280 KLIM6 - ok

16:57:12.0066 2280 [ CF3B093523E5D2E6B149308CF1CE2CD7 ] klnagent C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe

16:57:12.0066 2280 klnagent - ok

16:57:12.0113 2280 [ 50965746A05FE99565A0FBE0B5BFB666 ] kltdi C:\windows\system32\DRIVERS\kltdi.sys

16:57:12.0129 2280 kltdi - ok

16:57:12.0144 2280 [ F66771306AEEE7B105BBBD758B721A28 ] kneps C:\windows\system32\DRIVERS\kneps.sys

16:57:12.0160 2280 kneps - ok

16:57:12.0176 2280 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys

16:57:12.0176 2280 KSecDD - ok

16:57:12.0191 2280 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys

16:57:12.0191 2280 KSecPkg - ok

16:57:12.0222 2280 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys

16:57:12.0222 2280 ksthunk - ok

16:57:12.0238 2280 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll

16:57:12.0269 2280 KtmRm - ok

16:57:12.0300 2280 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll

16:57:12.0316 2280 LanmanServer - ok

16:57:12.0347 2280 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

16:57:12.0363 2280 LanmanWorkstation - ok

16:57:12.0394 2280 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys

16:57:12.0410 2280 lltdio - ok

16:57:12.0425 2280 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll

16:57:12.0456 2280 lltdsvc - ok

16:57:12.0472 2280 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll

16:57:12.0488 2280 lmhosts - ok

16:57:12.0519 2280 [ 86E4CC39C953D11EF57CF54C4DC78238 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

16:57:12.0581 2280 LMS - ok

16:57:12.0597 2280 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys

16:57:12.0612 2280 LSI_FC - ok

16:57:12.0644 2280 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys

16:57:12.0659 2280 LSI_SAS - ok

16:57:12.0675 2280 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys

16:57:12.0690 2280 LSI_SAS2 - ok

16:57:12.0690 2280 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys

16:57:12.0706 2280 LSI_SCSI - ok

16:57:12.0737 2280 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys

16:57:12.0737 2280 luafv - ok

16:57:12.0753 2280 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll

16:57:12.0753 2280 Mcx2Svc - ok

16:57:12.0815 2280 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

16:57:12.0831 2280 MDM - ok

16:57:12.0846 2280 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys

16:57:12.0862 2280 megasas - ok

16:57:12.0878 2280 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys

16:57:12.0893 2280 MegaSR - ok

16:57:12.0924 2280 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys

16:57:12.0940 2280 MEIx64 - ok

16:57:12.0987 2280 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

16:57:13.0034 2280 Microsoft Office Groove Audit Service - ok

16:57:13.0065 2280 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll

16:57:13.0065 2280 MMCSS - ok

16:57:13.0080 2280 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys

16:57:13.0096 2280 Modem - ok

16:57:13.0112 2280 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys

16:57:13.0127 2280 monitor - ok

16:57:13.0143 2280 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys

16:57:13.0158 2280 mouclass - ok

16:57:13.0174 2280 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys

16:57:13.0174 2280 mouhid - ok

16:57:13.0205 2280 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys

16:57:13.0205 2280 mountmgr - ok

16:57:13.0221 2280 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys

16:57:13.0236 2280 mpio - ok

16:57:13.0252 2280 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys

16:57:13.0252 2280 mpsdrv - ok

16:57:13.0299 2280 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll

16:57:13.0299 2280 MpsSvc - ok

16:57:13.0330 2280 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys

16:57:13.0346 2280 MRxDAV - ok

16:57:13.0361 2280 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys

16:57:13.0361 2280 mrxsmb - ok

16:57:13.0377 2280 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys

16:57:13.0377 2280 mrxsmb10 - ok

16:57:13.0377 2280 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys

16:57:13.0377 2280 mrxsmb20 - ok

16:57:13.0392 2280 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys

16:57:13.0392 2280 msahci - ok

16:57:13.0392 2280 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys

16:57:13.0408 2280 msdsm - ok

16:57:13.0424 2280 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe

16:57:13.0424 2280 MSDTC - ok

16:57:13.0439 2280 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys

16:57:13.0439 2280 Msfs - ok

16:57:13.0455 2280 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys

16:57:13.0455 2280 mshidkmdf - ok

16:57:13.0470 2280 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys

16:57:13.0470 2280 msisadrv - ok

16:57:13.0486 2280 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll

16:57:13.0502 2280 MSiSCSI - ok

16:57:13.0502 2280 msiserver - ok

16:57:13.0517 2280 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys

16:57:13.0533 2280 MSKSSRV - ok

16:57:13.0533 2280 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys

16:57:13.0533 2280 MSPCLOCK - ok

16:57:13.0533 2280 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys

16:57:13.0548 2280 MSPQM - ok

16:57:13.0548 2280 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys

16:57:13.0564 2280 MsRPC - ok

16:57:13.0564 2280 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys

16:57:13.0580 2280 mssmbios - ok

16:57:13.0580 2280 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys

16:57:13.0580 2280 MSTEE - ok

16:57:13.0595 2280 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys

16:57:13.0595 2280 MTConfig - ok

16:57:13.0595 2280 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys

16:57:13.0595 2280 Mup - ok

16:57:13.0626 2280 [ E3B58E3011B207C5289D11173B30E298 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

16:57:13.0626 2280 MyWiFiDHCPDNS - ok

16:57:13.0658 2280 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll

16:57:13.0658 2280 napagent - ok

16:57:13.0704 2280 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys

16:57:13.0704 2280 NativeWifiP - ok

16:57:13.0736 2280 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys

16:57:13.0751 2280 NDIS - ok

16:57:13.0767 2280 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys

16:57:13.0767 2280 NdisCap - ok

16:57:13.0782 2280 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys

16:57:13.0798 2280 NdisTapi - ok

16:57:13.0814 2280 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys

16:57:13.0814 2280 Ndisuio - ok

16:57:13.0814 2280 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys

16:57:13.0829 2280 NdisWan - ok

16:57:13.0845 2280 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys

16:57:13.0845 2280 NDProxy - ok

16:57:13.0860 2280 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys

16:57:13.0860 2280 NetBIOS - ok

16:57:13.0876 2280 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys

16:57:13.0876 2280 NetBT - ok

16:57:13.0892 2280 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe

16:57:13.0892 2280 Netlogon - ok

16:57:13.0907 2280 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll

16:57:13.0923 2280 Netman - ok

16:57:13.0970 2280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:57:13.0970 2280 NetMsmqActivator - ok

16:57:13.0985 2280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:57:13.0985 2280 NetPipeActivator - ok

16:57:14.0001 2280 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll

16:57:14.0016 2280 netprofm - ok

16:57:14.0016 2280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:57:14.0016 2280 NetTcpActivator - ok

16:57:14.0016 2280 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

16:57:14.0016 2280 NetTcpPortSharing - ok

16:57:14.0188 2280 [ B51E9AD4F4E4F8DBE0AB882756BC5DAB ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys

16:57:14.0360 2280 NETwNs64 - ok

16:57:14.0391 2280 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys

16:57:14.0391 2280 nfrd960 - ok

16:57:14.0422 2280 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll

16:57:14.0422 2280 NlaSvc - ok

16:57:14.0438 2280 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys

16:57:14.0438 2280 Npfs - ok

16:57:14.0453 2280 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll

16:57:14.0453 2280 nsi - ok

16:57:14.0484 2280 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys

16:57:14.0484 2280 nsiproxy - ok

16:57:14.0531 2280 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys

16:57:14.0562 2280 Ntfs - ok

16:57:14.0578 2280 [ A2F750E416D1C628BDCDC2075AC33BC6 ] NuidFltr C:\windows\system32\DRIVERS\NuidFltr.sys

16:57:14.0594 2280 NuidFltr - ok

16:57:14.0609 2280 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys

16:57:14.0609 2280 Null - ok

16:57:14.0812 2280 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys

16:57:14.0999 2280 nvlddmkm - ok

16:57:15.0015 2280 [ 918841B2454F4F2BD94479692079490B ] nvpciflt C:\windows\system32\DRIVERS\nvpciflt.sys

16:57:15.0031 2280 nvpciflt - ok

16:57:15.0046 2280 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys

16:57:15.0062 2280 nvraid - ok

16:57:15.0093 2280 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys

16:57:15.0109 2280 nvstor - ok

16:57:15.0155 2280 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\windows\system32\nvvsvc.exe

16:57:15.0155 2280 nvsvc - ok

16:57:15.0218 2280 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

16:57:15.0233 2280 nvUpdatusService - ok

16:57:15.0296 2280 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys

16:57:15.0311 2280 nv_agp - ok

16:57:15.0358 2280 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

16:57:15.0421 2280 odserv - ok

16:57:15.0436 2280 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys

16:57:15.0436 2280 ohci1394 - ok

16:57:15.0483 2280 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

16:57:15.0514 2280 ose - ok

16:57:15.0670 2280 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

16:57:15.0701 2280 osppsvc - ok

16:57:15.0733 2280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll

16:57:15.0733 2280 p2pimsvc - ok

16:57:15.0748 2280 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll

16:57:15.0764 2280 p2psvc - ok

16:57:15.0779 2280 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys

16:57:15.0779 2280 Parport - ok

16:57:15.0795 2280 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys

16:57:15.0795 2280 partmgr - ok

16:57:15.0811 2280 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll

16:57:15.0826 2280 PcaSvc - ok

16:57:15.0826 2280 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys

16:57:15.0826 2280 pci - ok

16:57:15.0842 2280 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys

16:57:15.0857 2280 pciide - ok

16:57:15.0873 2280 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys

16:57:15.0889 2280 pcmcia - ok

16:57:15.0889 2280 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys

16:57:15.0889 2280 pcw - ok

16:57:15.0904 2280 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys

16:57:15.0920 2280 PEAUTH - ok

16:57:15.0951 2280 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\windows\system32\peerdistsvc.dll

16:57:15.0967 2280 PeerDistSvc - ok

16:57:16.0013 2280 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe

16:57:16.0029 2280 PerfHost - ok

16:57:16.0091 2280 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll

16:57:16.0107 2280 pla - ok

16:57:16.0138 2280 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll

16:57:16.0169 2280 PlugPlay - ok

16:57:16.0185 2280 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll

16:57:16.0185 2280 PNRPAutoReg - ok

16:57:16.0201 2280 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll

16:57:16.0201 2280 PNRPsvc - ok

16:57:16.0232 2280 [ 32D374C60778253B81FA76C2FE19E155 ] Point64 C:\windows\system32\DRIVERS\point64.sys

16:57:16.0232 2280 Point64 - ok

16:57:16.0263 2280 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll

16:57:16.0279 2280 PolicyAgent - ok

16:57:16.0294 2280 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll

16:57:16.0310 2280 Power - ok

16:57:16.0341 2280 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys

16:57:16.0341 2280 PptpMiniport - ok

16:57:16.0372 2280 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys

16:57:16.0372 2280 Processor - ok

16:57:16.0388 2280 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll

16:57:16.0403 2280 ProfSvc - ok

16:57:16.0419 2280 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

16:57:16.0419 2280 ProtectedStorage - ok

16:57:16.0435 2280 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys

16:57:16.0435 2280 Psched - ok

16:57:16.0497 2280 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys

16:57:16.0513 2280 ql2300 - ok

16:57:16.0528 2280 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys

16:57:16.0528 2280 ql40xx - ok

16:57:16.0544 2280 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll

16:57:16.0559 2280 QWAVE - ok

16:57:16.0559 2280 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys

16:57:16.0575 2280 QWAVEdrv - ok

16:57:16.0591 2280 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys

16:57:16.0591 2280 RasAcd - ok

16:57:16.0606 2280 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys

16:57:16.0622 2280 RasAgileVpn - ok

16:57:16.0637 2280 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll

16:57:16.0653 2280 RasAuto - ok

16:57:16.0669 2280 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys

16:57:16.0669 2280 Rasl2tp - ok

16:57:16.0684 2280 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll

16:57:16.0684 2280 RasMan - ok

16:57:16.0700 2280 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys

16:57:16.0700 2280 RasPppoe - ok

16:57:16.0715 2280 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys

16:57:16.0715 2280 RasSstp - ok

16:57:16.0731 2280 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys

16:57:16.0731 2280 rdbss - ok

16:57:16.0747 2280 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys

16:57:16.0747 2280 rdpbus - ok

16:57:16.0762 2280 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys

16:57:16.0762 2280 RDPCDD - ok

16:57:16.0793 2280 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\windows\system32\drivers\rdpdr.sys

16:57:16.0809 2280 RDPDR - ok

16:57:16.0825 2280 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys

16:57:16.0825 2280 RDPENCDD - ok

16:57:16.0825 2280 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys

16:57:16.0825 2280 RDPREFMP - ok

16:57:16.0856 2280 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys

16:57:16.0856 2280 RdpVideoMiniport - ok

16:57:16.0871 2280 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys

16:57:16.0887 2280 RDPWD - ok

16:57:16.0903 2280 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys

16:57:16.0903 2280 rdyboost - ok

16:57:16.0934 2280 [ F3AF2B43F35DBB3A0EB9FEEEC7D62217 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

16:57:16.0949 2280 RegSrvc - ok

16:57:16.0981 2280 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll

16:57:16.0996 2280 RemoteAccess - ok

16:57:17.0012 2280 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll

16:57:17.0027 2280 RemoteRegistry - ok

16:57:17.0043 2280 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys

16:57:17.0059 2280 RFCOMM - ok

16:57:17.0121 2280 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

16:57:17.0137 2280 RichVideo - ok

16:57:17.0137 2280 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll

16:57:17.0152 2280 RpcEptMapper - ok

16:57:17.0168 2280 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe

16:57:17.0183 2280 RpcLocator - ok

16:57:17.0199 2280 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll

16:57:17.0199 2280 RpcSs - ok

16:57:17.0230 2280 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys

16:57:17.0246 2280 rspndr - ok

16:57:17.0308 2280 [ 6CF9DB101A75360E98659F823852E540 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys

16:57:17.0339 2280 RTL8167 - ok

16:57:17.0371 2280 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\windows\system32\drivers\vms3cap.sys

16:57:17.0386 2280 s3cap - ok

16:57:17.0402 2280 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\windows\system32\Drivers\SABI.sys

16:57:17.0417 2280 SABI - ok

16:57:17.0417 2280 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe

16:57:17.0417 2280 SamSs - ok

16:57:17.0464 2280 [ 2C31378A5695526E99ADAB928157B992 ] Samsung UPD Service2 C:\windows\System32\SUPDSvc2.exe

16:57:17.0480 2280 Samsung UPD Service2 - ok

16:57:17.0542 2280 [ 9D19E17449C8E8759D6872F662104321 ] SamsungAllShareV2.0 C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

16:57:17.0558 2280 SamsungAllShareV2.0 - ok

16:57:17.0605 2280 [ 5E66ABD041D76C46CBF55AEF910FCA56 ] SamsungDeviceConfigurationWinService C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe

16:57:17.0636 2280 SamsungDeviceConfigurationWinService - ok

16:57:17.0729 2280 SBIOSIO - ok

16:57:17.0761 2280 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys

16:57:17.0776 2280 sbp2port - ok

16:57:17.0792 2280 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll

16:57:17.0807 2280 SCardSvr - ok

16:57:17.0807 2280 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys

16:57:17.0807 2280 scfilter - ok

16:57:17.0823 2280 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll

16:57:17.0839 2280 Schedule - ok

16:57:17.0854 2280 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll

16:57:17.0854 2280 SCPolicySvc - ok

16:57:17.0854 2280 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll

16:57:17.0854 2280 SDRSVC - ok

16:57:17.0870 2280 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys

16:57:17.0885 2280 secdrv - ok

16:57:17.0885 2280 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll

16:57:17.0901 2280 seclogon - ok

16:57:17.0917 2280 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll

16:57:17.0917 2280 SENS - ok

16:57:17.0917 2280 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll

16:57:17.0932 2280 SensrSvc - ok

16:57:17.0948 2280 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys

16:57:17.0948 2280 Serenum - ok

16:57:17.0963 2280 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys

16:57:17.0963 2280 Serial - ok

16:57:17.0995 2280 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys

16:57:17.0995 2280 sermouse - ok

16:57:18.0010 2280 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll

16:57:18.0026 2280 SessionEnv - ok

16:57:18.0026 2280 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys

16:57:18.0041 2280 sffdisk - ok

16:57:18.0041 2280 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys

16:57:18.0057 2280 sffp_mmc - ok

16:57:18.0057 2280 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys

16:57:18.0073 2280 sffp_sd - ok

16:57:18.0088 2280 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys

16:57:18.0088 2280 sfloppy - ok

16:57:18.0135 2280 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll

16:57:18.0151 2280 SharedAccess - ok

16:57:18.0151 2280 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

16:57:18.0166 2280 ShellHWDetection - ok

16:57:18.0182 2280 [ 720088AAD691FF1D90BE8EC28727F6CA ] silabenm C:\windows\system32\DRIVERS\silabenm.sys

16:57:18.0197 2280 silabenm - ok

16:57:18.0197 2280 [ 8902654A3106CE3AD77D1AE72248FEE0 ] silabser C:\windows\system32\DRIVERS\silabser.sys

16:57:18.0213 2280 silabser - ok

16:57:18.0244 2280 [ 1435BF57B18B3FD2C28060EF4374E704 ] SimpleSlideShowServer C:\Program Files (x86)\Samsung\AllShare\AllShareSlideShowService.exe

16:57:18.0244 2280 SimpleSlideShowServer - ok

16:57:18.0275 2280 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys

16:57:18.0275 2280 SiSRaid2 - ok

16:57:18.0307 2280 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys

16:57:18.0307 2280 SiSRaid4 - ok

16:57:18.0322 2280 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys

16:57:18.0338 2280 Smb - ok

16:57:18.0385 2280 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe

16:57:18.0400 2280 SNMPTRAP - ok

16:57:18.0416 2280 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys

16:57:18.0416 2280 spldr - ok

16:57:18.0447 2280 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe

16:57:18.0463 2280 Spooler - ok

16:57:18.0509 2280 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe

16:57:18.0556 2280 sppsvc - ok

16:57:18.0556 2280 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll

16:57:18.0572 2280 sppuinotify - ok

16:57:18.0587 2280 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys

16:57:18.0587 2280 srv - ok

16:57:18.0587 2280 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys

16:57:18.0587 2280 srv2 - ok

16:57:18.0603 2280 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys

16:57:18.0603 2280 srvnet - ok

16:57:18.0619 2280 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll

16:57:18.0619 2280 SSDPSRV - ok

16:57:18.0634 2280 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll

16:57:18.0634 2280 SstpSvc - ok

16:57:18.0650 2280 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys

16:57:18.0665 2280 stexstor - ok

16:57:18.0681 2280 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys

16:57:18.0681 2280 StillCam - ok

16:57:18.0712 2280 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll

16:57:18.0743 2280 stisvc - ok

16:57:18.0759 2280 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\windows\system32\drivers\vmstorfl.sys

16:57:18.0759 2280 storflt - ok

16:57:18.0775 2280 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\windows\system32\storsvc.dll

16:57:18.0790 2280 StorSvc - ok

16:57:18.0806 2280 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\windows\system32\drivers\storvsc.sys

16:57:18.0821 2280 storvsc - ok

16:57:18.0837 2280 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys

16:57:18.0853 2280 swenum - ok

16:57:18.0899 2280 SWGVCSvc - ok

16:57:18.0915 2280 [ 1E036F98E6C780DD7669F516E8BE0CEA ] SWIPsec C:\windows\system32\Drivers\SWIPsec.sys

16:57:18.0931 2280 SWIPsec - ok

16:57:18.0946 2280 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll

16:57:18.0962 2280 swprv - ok

16:57:18.0977 2280 SWUpdateService - ok

16:57:19.0009 2280 [ DCF11E08A8524B19EC47515C22BE492E ] SWVNIC C:\windows\system32\DRIVERS\swvnic.sys

16:57:19.0024 2280 SWVNIC - ok

16:57:19.0055 2280 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll

16:57:19.0087 2280 SysMain - ok

16:57:19.0087 2280 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

16:57:19.0102 2280 TabletInputService - ok

16:57:19.0102 2280 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll

16:57:19.0118 2280 TapiSrv - ok

16:57:19.0118 2280 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll

16:57:19.0118 2280 TBS - ok

16:57:19.0165 2280 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\windows\system32\drivers\tcpip.sys

16:57:19.0180 2280 Tcpip - ok

16:57:19.0211 2280 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys

16:57:19.0211 2280 TCPIP6 - ok

16:57:19.0243 2280 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys

16:57:19.0243 2280 tcpipreg - ok

16:57:19.0274 2280 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys

16:57:19.0289 2280 TDPIPE - ok

16:57:19.0305 2280 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys

16:57:19.0321 2280 TDTCP - ok

16:57:19.0336 2280 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys

16:57:19.0336 2280 tdx - ok

16:57:19.0352 2280 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys

16:57:19.0352 2280 TermDD - ok

16:57:19.0414 2280 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll

16:57:19.0430 2280 TermService - ok

16:57:19.0445 2280 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll

16:57:19.0461 2280 Themes - ok

16:57:19.0492 2280 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll

16:57:19.0492 2280 THREADORDER - ok

16:57:19.0508 2280 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\windows\system32\drivers\tpm.sys

16:57:19.0523 2280 TPM - ok

16:57:19.0539 2280 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll

16:57:19.0555 2280 TrkWks - ok

16:57:19.0586 2280 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

16:57:19.0586 2280 TrustedInstaller - ok

16:57:19.0601 2280 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys

16:57:19.0601 2280 tssecsrv - ok

16:57:19.0633 2280 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys

16:57:19.0648 2280 TsUsbFlt - ok

16:57:19.0664 2280 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys

16:57:19.0679 2280 TsUsbGD - ok

16:57:19.0695 2280 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys

16:57:19.0711 2280 tunnel - ok

16:57:19.0726 2280 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys

16:57:19.0742 2280 uagp35 - ok

16:57:19.0773 2280 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys

16:57:19.0789 2280 udfs - ok

16:57:19.0820 2280 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe

16:57:19.0820 2280 UI0Detect - ok

16:57:19.0851 2280 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys

16:57:19.0867 2280 uliagpkx - ok

16:57:19.0898 2280 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys

16:57:19.0898 2280 umbus - ok

16:57:19.0913 2280 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys

16:57:19.0913 2280 UmPass - ok

16:57:19.0929 2280 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\windows\System32\umrdp.dll

16:57:19.0945 2280 UmRdpService - ok

16:57:20.0007 2280 [ D80B1075B69B57A3AB78F750CE463ECE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

16:57:20.0069 2280 UNS - ok

16:57:20.0085 2280 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll

16:57:20.0085 2280 upnphost - ok

16:57:20.0101 2280 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys

16:57:20.0116 2280 USBAAPL64 - ok

16:57:20.0147 2280 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys

16:57:20.0163 2280 usbccgp - ok

16:57:20.0179 2280 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys

16:57:20.0179 2280 usbcir - ok

16:57:20.0194 2280 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys

16:57:20.0210 2280 usbehci - ok

16:57:20.0210 2280 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys

16:57:20.0225 2280 usbhub - ok

16:57:20.0241 2280 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys

16:57:20.0241 2280 usbohci - ok

16:57:20.0257 2280 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\drivers\usbprint.sys

16:57:20.0272 2280 usbprint - ok

16:57:20.0288 2280 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS

16:57:20.0288 2280 USBSTOR - ok

16:57:20.0303 2280 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys

16:57:20.0319 2280 usbuhci - ok

16:57:20.0335 2280 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys

16:57:20.0350 2280 usbvideo - ok

16:57:20.0366 2280 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll

16:57:20.0366 2280 UxSms - ok

16:57:20.0397 2280 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe

16:57:20.0397 2280 VaultSvc - ok

16:57:20.0428 2280 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys

16:57:20.0428 2280 vdrvroot - ok

16:57:20.0444 2280 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe

16:57:20.0475 2280 vds - ok

16:57:20.0475 2280 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys

16:57:20.0491 2280 vga - ok

16:57:20.0491 2280 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys

16:57:20.0506 2280 VgaSave - ok

16:57:20.0522 2280 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys

16:57:20.0522 2280 vhdmp - ok

16:57:20.0537 2280 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys

16:57:20.0537 2280 viaide - ok

16:57:20.0569 2280 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\windows\system32\drivers\vmbus.sys

16:57:20.0569 2280 vmbus - ok

16:57:20.0584 2280 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\windows\system32\drivers\VMBusHID.sys

16:57:20.0584 2280 VMBusHID - ok

16:57:20.0615 2280 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys

16:57:20.0615 2280 volmgr - ok

16:57:20.0615 2280 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys

16:57:20.0615 2280 volmgrx - ok

16:57:20.0631 2280 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys

16:57:20.0631 2280 volsnap - ok

16:57:20.0647 2280 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys

16:57:20.0662 2280 vsmraid - ok

16:57:20.0693 2280 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe

16:57:20.0709 2280 VSS - ok

16:57:20.0725 2280 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys

16:57:20.0725 2280 vwifibus - ok

16:57:20.0756 2280 [ 13A0DECD1794DE60A8427862C8669D27 ] VWiFiFlt C:\windows\system32\DRIVERS\vwififlt.sys

16:57:20.0756 2280 VWiFiFlt - ok

16:57:20.0771 2280 [ 49003B357D101CDC474937437ECF5ABC ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys

16:57:20.0771 2280 vwifimp - ok

16:57:20.0803 2280 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll

16:57:20.0818 2280 W32Time - ok

16:57:20.0834 2280 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys

16:57:20.0834 2280 WacomPen - ok

16:57:20.0865 2280 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys

16:57:20.0865 2280 WANARP - ok

16:57:20.0865 2280 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys

16:57:20.0865 2280 Wanarpv6 - ok

16:57:20.0927 2280 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe

16:57:20.0943 2280 WatAdminSvc - ok

16:57:20.0974 2280 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe

16:57:21.0005 2280 wbengine - ok

16:57:21.0021 2280 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll

16:57:21.0021 2280 WbioSrvc - ok

16:57:21.0037 2280 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll

16:57:21.0052 2280 wcncsvc - ok

16:57:21.0052 2280 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

16:57:21.0052 2280 WcsPlugInService - ok

16:57:21.0083 2280 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys

16:57:21.0083 2280 Wd - ok

16:57:21.0115 2280 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys

16:57:21.0130 2280 Wdf01000 - ok

16:57:21.0146 2280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll

16:57:21.0146 2280 WdiServiceHost - ok

16:57:21.0161 2280 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll

16:57:21.0161 2280 WdiSystemHost - ok

16:57:21.0177 2280 [ 63CE387483E74A0BD79EE4E5EBA1FD2E ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys

16:57:21.0177 2280 wdkmd - ok

16:57:21.0193 2280 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll

16:57:21.0208 2280 WebClient - ok

16:57:21.0224 2280 [ D5BA7D43FA2EF656BF7E98A188391E40 ] Wecsvc C:\windows\system32\wecsvc.dll

16:57:21.0239 2280 Wecsvc - ok

16:57:21.0239 2280 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll

16:57:21.0255 2280 wercplsupport - ok

16:57:21.0286 2280 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll

16:57:21.0286 2280 WerSvc - ok

16:57:21.0302 2280 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys

16:57:21.0317 2280 WfpLwf - ok

16:57:21.0317 2280 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys

16:57:21.0333 2280 WIMMount - ok

16:57:21.0349 2280 WinDefend - ok

16:57:21.0364 2280 WinHttpAutoProxySvc - ok

16:57:21.0395 2280 [ 136760C1E9697BAF4ECDEAE5590A0806 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll

16:57:21.0411 2280 Winmgmt - ok

16:57:21.0489 2280 [ 3BB6B401A780BF434C8F58137DE10BF7 ] WinRM C:\windows\system32\WsmSvc.dll

16:57:21.0520 2280 WinRM - ok

16:57:21.0551 2280 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys

16:57:21.0551 2280 WinUsb - ok

16:57:21.0583 2280 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll

16:57:21.0598 2280 Wlansvc - ok

16:57:21.0614 2280 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys

16:57:21.0614 2280 WmiAcpi - ok

16:57:21.0629 2280 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe

16:57:21.0629 2280 wmiApSrv - ok

16:57:21.0645 2280 WMPNetworkSvc - ok

16:57:21.0676 2280 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll

16:57:21.0676 2280 WPCSvc - ok

16:57:21.0692 2280 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll

16:57:21.0692 2280 WPDBusEnum - ok

16:57:21.0692 2280 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys

16:57:21.0692 2280 ws2ifsl - ok

16:57:21.0707 2280 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll

16:57:21.0723 2280 wscsvc - ok

16:57:21.0723 2280 WSearch - ok

16:57:21.0770 2280 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll

16:57:21.0785 2280 wuauserv - ok

16:57:21.0801 2280 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys

16:57:21.0817 2280 WudfPf - ok

16:57:21.0832 2280 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys

16:57:21.0832 2280 WUDFRd - ok

16:57:21.0848 2280 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll

16:57:21.0848 2280 wudfsvc - ok

16:57:21.0863 2280 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll

16:57:21.0863 2280 WwanSvc - ok

16:57:21.0926 2280 [ 74713CB32792F9C7632DAA7DA22CA974 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

16:57:21.0957 2280 ZeroConfigService - ok

16:57:21.0988 2280 ================ Scan global ===============================

16:57:22.0004 2280 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

16:57:22.0019 2280 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

16:57:22.0019 2280 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll

16:57:22.0051 2280 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

16:57:22.0082 2280 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

16:57:22.0082 2280 [Global] - ok

16:57:22.0082 2280 ================ Scan MBR ==================================

16:57:22.0097 2280 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0

16:57:22.0378 2280 \Device\Harddisk0\DR0 - ok

16:57:22.0378 2280 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1

16:57:22.0425 2280 \Device\Harddisk1\DR1 - ok

16:57:22.0425 2280 [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk2\DR3

16:57:22.0425 2280 \Device\Harddisk2\DR3 - ok

16:57:22.0425 2280 ================ Scan VBR ==================================

16:57:22.0425 2280 [ 32155315AB908EFE6960DEF3F6B4C2CC ] \Device\Harddisk0\DR0\Partition1

16:57:22.0425 2280 \Device\Harddisk0\DR0\Partition1 - ok

16:57:22.0441 2280 [ BBD0330635624475C6DE8DF564C733DF ] \Device\Harddisk0\DR0\Partition2

16:57:22.0441 2280 \Device\Harddisk0\DR0\Partition2 - ok

16:57:22.0441 2280 [ 0C31A72305AA2593807CDA1A90E50F44 ] \Device\Harddisk2\DR3\Partition1

16:57:22.0441 2280 \Device\Harddisk2\DR3\Partition1 - ok

16:57:22.0441 2280 ============================================================

16:57:22.0441 2280 Scan finished

16:57:22.0441 2280 ============================================================

16:57:22.0456 1380 Detected object count: 0

16:57:22.0456 1380 Actual detected object count: 0


Here is round two of the log files:

MBAR Log File

========================================================

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.07.10

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

6/11/2013 5:03:58 PM

mbar-log-2013-06-11 (17-03-58).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 368114

Time elapsed: 17 minute(s), 47 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

MBAR System Log File

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 8360857600, free: 5296926720

=======================================

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 2.294000 GHz

Memory total: 8360857600, free: 5271003136

Initializing...

------------ Kernel report ------------

06/11/2013 17:03:55

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\DRIVERS\excsd.sys

\SystemRoot\system32\DRIVERS\kl1.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\DRIVERS\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\nvpciflt.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\system32\DRIVERS\iusb3hcs.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\dlkmdldr.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\excfs.sys

\SystemRoot\system32\DRIVERS\klif.sys

\SystemRoot\system32\DRIVERS\klflt.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\kltdi.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\klim6.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\??\C:\windows\system32\Drivers\SABI.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\system32\DRIVERS\kneps.sys

\SystemRoot\system32\DRIVERS\klfltdev.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\system32\drivers\dlkmd.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\system32\DRIVERS\iusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\NETwNs64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\ETD.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\tpm.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\AMPPAL.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\dne64x.sys

\SystemRoot\system32\DRIVERS\serscan.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\clwvd.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\iwdbus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\WDKMD.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\iusb3hub.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\dc3d.sys

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\point64.sys

\SystemRoot\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys

\SystemRoot\system32\DRIVERS\dlusbaudio_x64.sys

\SystemRoot\system32\DRIVERS\dlcdcecm.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\acpials.sys

\SystemRoot\system32\DRIVERS\WUDFRd.sys

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\??\C:\windows\system32\drivers\mbamchameleon.sys

\??\C:\windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\comdlg32.dll

\Windows\System32\difxapi.dll

\Windows\System32\iertutil.dll

\Windows\System32\shell32.dll

\Windows\System32\advapi32.dll

\Windows\System32\lpk.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\urlmon.dll

\Windows\System32\wininet.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ws2_32.dll

\Windows\System32\setupapi.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msctf.dll

\Windows\System32\ole32.dll

\Windows\System32\imm32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\sechost.dll

\Windows\System32\oleaut32.dll

\Windows\System32\user32.dll

\Windows\System32\psapi.dll

\Windows\System32\gdi32.dll

\Windows\System32\usp10.dll

\Windows\System32\kernel32.dll

\Windows\System32\normaliz.dll

\Windows\System32\shlwapi.dll

\Windows\System32\nsi.dll

\Windows\System32\crypt32.dll

\Windows\System32\devobj.dll

\Windows\System32\KernelBase.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\comctl32.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR3

Upper Device Object: 0xfffffa8007842200

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\000000cb\

Lower Device Object: 0xfffffa8012404200

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8009a99790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-2\

Lower Device Object: 0xfffffa8009a98050

Lower Device Driver Name: \Driver\iaStor\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8009a9b790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8009a9a050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8009a9b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800877a8e0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800877b980, DeviceName: Unknown, DriverName: \Driver\excsd\

DevicePointer: 0xfffffa8009a9b790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8009a9a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\excsd\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: A242F6BF

Partition information:

Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable

Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 1415964672

Partition 2 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 1416171520 Numsec = 48975872

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xfffffa8009a99790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa800877db90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa800877c980, DeviceName: Unknown, DriverName: \Driver\excsd\

DevicePointer: 0xfffffa8009a99790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8009a98050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\excsd\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 74F02DEA

Partition information:

Partition 0 type is Other (0x73)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 15644672

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 8012390400 bytes

Sector size: 512 bytes

Done!

Physical Sector Size: 512

Drive: 2, DevicePointer: 0xfffffa8007842200, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8013dd0a60, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007842200, DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8012404200, DeviceName: \Device\000000cb\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk2\DR3\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 2

Scanning MBR on drive 2...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 5525669F

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 63 Numsec = 3910977

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 2002747392 bytes

Sector size: 512 bytes

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_1_r.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_2_r.mbam...

Removal finished

Combofix Log File

ComboFix 13-06-08.02 - user 06/12/2013 7:39.3.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7974.4663 [GMT -4:00]

Running from: c:\users\user\Desktop\ComboFix.exe

AV: Kaspersky Endpoint Security 10 for Windows *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Endpoint Security 10 for Windows *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Endpoint Security 10 for Windows *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\kladminkit\165f9878-495b-45b2-8b7a-669adff71338\esm.cache\vlns3_engine.dll.ef52c5bfa66f4958978194fda17f1a65

c:\windows\TEMP\kladminkit\b43a89e8-f027-4dc9-93b7-a55e126d116a.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-05-12 to 2013-06-12 )))))))))))))))))))))))))))))))

.

.

2013-05-20 12:26 . 2013-05-20 12:26 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-05-20 12:26 . 2013-05-20 12:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-05-17 15:01 . 2013-05-17 15:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-05-15 13:06 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 13:06 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 13:06 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 13:05 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 13:05 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 13:05 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 13:05 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 13:05 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 13:05 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 13:05 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 13:05 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 13:04 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-15 13:01 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-15 13:01 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-15 13:01 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 13:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 13:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 13:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 13:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 13:06 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 13:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 21:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-19 06:04 . 2013-04-11 11:58 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-11 11:58 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-11 11:58 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-11 11:58 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-11 11:58 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-11 11:58 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe" [2013-01-20 729744]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DelayedDesktopSwitchTimeout"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]

R3 SBIOSIO;SBIOSIO;c:\users\tim\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys;c:\users\tim\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]

S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]

S1 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys;c:\windows\SYSNATIVE\DRIVERS\klfltdev.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]

S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 klnagent;Kaspersky Lab Network Agent;c:\program files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe ;c:\program files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [x]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]

S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]

S2 SWUpdateService;SW Update Service;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]

S3 dlcdcecm;dlcdcecm;c:\windows\system32\DRIVERS\dlcdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcecm.sys [x]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]

S3 dlusbaudio;dlusbaudio;c:\windows\system32\DRIVERS\dlusbaudio_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlusbaudio_x64.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 93970384

*Deregistered* - 93970384

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]

.

2013-06-11 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]

"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-07 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-07 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-07 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.16.101

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-12 07:51:03

ComboFix-quarantined-files.txt 2013-06-12 11:51

ComboFix2.txt 2013-06-10 13:07

ComboFix3.txt 2013-06-10 12:50

.

Pre-Run: 650,633,994,240 bytes free

Post-Run: 650,528,714,752 bytes free

.

- - End Of File - - 4F28E1659173A4B1E0275A33F853684A

D41D8CD98F00B204E9800998ECF8427E

Security Check

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Kaspersky Endpoint Security 10 for Windows

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player 10 Flash Player out of Date!

````````Process Check: objlist.exe by Laurent````````

Kaspersky Lab NetworkAgent klnagent.exe

Kaspersky Lab NetworkAgent vapm.exe

Kaspersky Lab Kaspersky Endpoint Security 10 for Windows avp.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End


Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

93970384

File::

C:\Windows\System32\Drivers\93970384.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.


Ok here goes the last combofix log. Everything seems to be running pretty good according to the user. No problems to note. Everything is opening and closing, system speed and all seems good, and no errors.

ComboFix 13-06-08.02 - tim 06/13/2013 15:06:19.4.8 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.7974.5334 [GMT -4:00]

Running from: e:\malware programs\ComboFix.exe

Command switches used :: e:\malware programs\CFScript.txt

AV: Kaspersky Endpoint Security 10 for Windows *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

FW: Kaspersky Endpoint Security 10 for Windows *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

SP: Kaspersky Endpoint Security 10 for Windows *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\System32\Drivers\93970384.sys"

.

/wow section - STAGE 3

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\TEMP\kladminkit\1c4f3764-1d9a-4742-a4fc-ed147a2c39fb\esm.cache\vlns3_engine.dll.ef52c5bfa66f4958978194fda17f1a65

c:\windows\TEMP\kladminkit\4521d695-a946-4ddf-8b19-0299eb981304.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_93970384

.

.

((((((((((((((((((((((((( Files Created from 2013-05-13 to 2013-06-13 )))))))))))))))))))))))))))))))

.

.

2013-06-13 19:15 . 2013-06-13 19:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-06-13 19:15 . 2013-06-13 19:15 -------- d-----w- c:\users\UpdatusUser.LAPTOP\AppData\Local\temp

2013-06-13 19:15 . 2013-06-13 19:15 -------- d-----w- c:\users\SysAdmin\AppData\Local\temp

2013-06-13 19:15 . 2013-06-13 19:15 -------- d-----w- c:\users\netadmin\AppData\Local\temp

2013-06-13 19:15 . 2013-06-13 19:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-13 19:15 . 2013-06-13 19:15 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-06-13 12:12 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-13 12:07 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-06-13 12:07 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-06-13 12:06 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-06-13 12:06 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-06-13 12:05 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll

2013-06-13 12:05 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-06-13 12:05 . 2013-05-13 05:51 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-13 12:05 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-06-13 12:05 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-13 12:05 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-06-13 12:05 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-06-13 12:05 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-06-13 12:05 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-06-13 12:05 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-06-11 21:03 . 2013-06-12 11:33 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-06-11 21:03 . 2013-06-11 21:03 -------- d-----w- c:\programdata\Malwarebytes

2013-06-11 09:57 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9308D40D-AE62-4244-9118-77C1527743D8}\mpengine.dll

2013-06-10 13:21 . 2013-06-10 13:21 -------- d-----w- c:\program files (x86)\ESET

2013-05-20 12:26 . 2013-05-20 12:26 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-05-20 12:26 . 2013-05-20 12:26 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-05-17 15:01 . 2013-05-17 15:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-05-15 13:06 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 13:06 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 13:06 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 13:05 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 13:05 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 13:05 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 13:05 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 13:05 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 13:05 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 13:05 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 13:05 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 13:04 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 13:06 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 13:06 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 13:06 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 13:06 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 13:06 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 13:06 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 21:24 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-19 06:04 . 2013-04-11 11:58 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-11 11:58 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-11 11:58 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-11 11:58 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-11 11:58 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-11 11:58 112640 ----a-w- c:\windows\system32\smss.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe" [2013-01-20 729744]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"DelayedDesktopSwitchTimeout"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe;c:\windows\SYSNATIVE\SUPDSvc2.exe [x]

R3 SBIOSIO;SBIOSIO;c:\users\tim\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys;c:\users\tim\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [x]

R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys;c:\windows\SYSNATIVE\DRIVERS\silabenm.sys [x]

R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys;c:\windows\SYSNATIVE\DRIVERS\silabser.sys [x]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]

R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys;c:\windows\SYSNATIVE\DRIVERS\swvnic.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]

S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]

S1 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys;c:\windows\SYSNATIVE\DRIVERS\klfltdev.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]

S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 klnagent;Kaspersky Lab Network Agent;c:\program files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe ;c:\program files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe [x]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]

S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]

S2 SWUpdateService;SW Update Service;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe;c:\program files (x86)\Samsung\SW Update\SWMAgent.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]

S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]

S3 dlcdcecm;dlcdcecm;c:\windows\system32\DRIVERS\dlcdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\dlcdcecm.sys [x]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]

S3 dlusbaudio;dlusbaudio;c:\windows\system32\DRIVERS\dlusbaudio_x64.sys;c:\windows\SYSNATIVE\DRIVERS\dlusbaudio_x64.sys [x]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]

S3 ibtfltcoex;ibtfltcoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-09 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]

.

2013-06-12 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 04:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-08-07 13191312]

"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [bU]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-12-20 11406608]

"IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928]

"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-07 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-07 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-07 439064]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://samsung.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.16.101

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

c:\program files (x86)\Samsung\Easy Settings\SmartSetting.exe

c:\program files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Samsung\Easy Settings\dmhkcore.exe

c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

c:\program files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

.

**************************************************************************

.

Completion time: 2013-06-13 15:23:32 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-13 19:23

ComboFix2.txt 2013-06-12 11:51

ComboFix3.txt 2013-06-10 13:07

ComboFix4.txt 2013-06-10 12:50

.

Pre-Run: 656,063,827,968 bytes free

Post-Run: 655,818,498,048 bytes free

.

- - End Of File - - E0ADAA4D0338FBD38831970033E6EC9A

D41D8CD98F00B204E9800998ECF8427E


Looks a whole lot better. Please run the following scans to verify we haven't missed anything:

----------Step 1----------------

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

----------Step 2----------------

We need to create a New FULL OTL Report

  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

----------Step 3 (note: this scan may take a little time)----------------

I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

----------Step 4----------------

Please post the AdwCleaner logfile, the OTL.txt and Extras.txt, and the ESET online scan log in your next reply.

Let me know how things go.


I will try to get started on these scans tomorrow. Just out of curiosity what do you see that prompts the new scans? I am still having trouble deciphering these logs and my boss is starting to wonder about me running all these scans. It would help if I could point out some possible problems in the logs to justify taking the computer out of service for more scans. If you don't want to respond with info like that on the forums I understand. You can shoot me an e-mail if you want. rcrace@chartertn.net Hopefully one of these days I will be able to read a log and understand what it will take to clean the computer up.

Thanks again for your time.


Just out of curiosity what do you see that prompts the new scans?

I know the signs to look for based on experience, and I know what programs give me the types of information I need to determine whether the machine is clean or not.

I can't really go into great detail as the tools I'm having you run (OTL, ComboFix, etc.) are all developed by people within the anti-malware community, and by their requests, all information regarding these tools and their logs remains private. (you'll learn how to interpret these logs in SWI Boot Camp).

Basically... at this point, things look in decent shape. I'm requesting that you run those other programs because it will help me mop up any junk that may be remaining (usually stuff like adware, potentially unwanted software, etc.) that wasn't part of the BIG threat, but still is likely causing some performance issues and/or unwanted behavior. I usually like to tackle the nastiest stuff first, then sweep up the rest of the junkware.

I hope that helps. :)

**I'd also encourage you to remove your email from your post above as it's a public forum and it'll likely get harvested by spambots. You can PM me your email instead as that's safer.


Ok, I ran the AdwareCleaner but got an error. "H:\AdwareCleaner[R3].txt the specified path does not exist, Check the path and then try again." H:\ is a network drive that the laptop does have access to but I could find no way to tell it to put the scan on the C:\ drive or on the desktop.

I don't know when I will be able to get the laptop long enough to run the ESET Online scan. I'm hoping that, it being Friday, the user will leave early today and leave the laptop in his office. I will have to check and see.

Here are the OTL scans:

OTL logfile created on: 6/14/2013 8:46:01 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.79 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 69.91% Memory free

15.57 Gb Paging File | 12.94 Gb Available in Paging File | 83.11% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 675.18 Gb Total Space | 607.87 Gb Free Space | 90.03% Space Free | Partition Type: NTFS

Drive E: | 1.86 Gb Total Space | 1.28 Gb Free Space | 68.59% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/14 08:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/01/22 21:28:04 | 000,556,648 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\vapm.exe

PRC - [2013/01/22 21:26:12 | 000,127,632 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe

PRC - [2013/01/20 01:22:14 | 000,729,744 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe

PRC - [2012/12/27 18:02:36 | 002,879,176 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe

PRC - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/04/26 00:59:01 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10u_ActiveX.exe

PRC - [2012/02/16 23:13:14 | 001,112,656 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe

PRC - [2012/02/16 23:04:02 | 002,277,256 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe

PRC - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe

PRC - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/01/31 03:00:00 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe

PRC - [2012/01/31 02:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe

PRC - [2012/01/04 14:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2011/12/19 22:16:50 | 001,104,208 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

PRC - [2011/12/19 22:16:48 | 001,304,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

PRC - [2011/12/19 22:16:44 | 001,014,096 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

PRC - [2011/12/19 22:16:42 | 000,936,272 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe

PRC - [2011/08/17 03:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2010/09/19 23:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

PRC - [2009/11/02 01:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/20 01:21:06 | 000,106,920 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\BundlesController.ppl

MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/16 12:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll

MOD - [2009/11/02 01:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 01:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2006/08/11 23:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/02/02 09:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV:64bit: - [2011/12/13 23:42:31 | 008,448,944 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)

SRV:64bit: - [2011/12/07 21:44:04 | 000,594,704 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService)

SRV:64bit: - [2011/12/07 21:43:56 | 000,273,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/12/07 21:43:48 | 000,618,256 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2011/12/07 21:43:44 | 000,148,752 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2011/12/04 20:30:50 | 000,659,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)

SRV:64bit: - [2011/12/04 19:55:36 | 000,135,952 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)

SRV:64bit: - [2011/09/23 02:20:42 | 000,079,664 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe -- (ExpressCache)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/01/22 21:26:12 | 000,127,632 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe -- (klnagent)

SRV - [2013/01/20 01:22:14 | 000,729,744 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe -- (avp)

SRV - [2012/12/27 18:02:36 | 002,879,176 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)

SRV - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/05/07 09:34:50 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/02/13 02:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)

SRV - [2012/02/07 22:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/02/07 22:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/02/07 22:03:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®

SRV - [2012/02/07 22:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2011/12/19 22:16:50 | 001,104,208 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)

SRV - [2011/12/19 22:16:48 | 001,304,912 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)

SRV - [2011/12/19 22:16:44 | 001,014,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/11 17:37:14 | 000,644,368 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2012/11/23 15:18:54 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2012/11/22 13:48:12 | 000,054,104 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)

DRV:64bit: - [2012/11/16 18:46:58 | 000,178,008 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)

DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/09/13 13:05:32 | 000,032,088 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/21 13:59:32 | 000,017,408 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_6.1.32700.0.sys -- (DisplayLinkUsbPort)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/08/15 11:32:22 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)

DRV:64bit: - [2012/08/15 11:32:22 | 000,023,040 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)

DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2012/06/26 21:38:30 | 000,023,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2012/06/19 18:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)

DRV:64bit: - [2012/05/28 07:09:04 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)

DRV:64bit: - [2012/05/09 05:18:34 | 000,280,912 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2012/03/26 19:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/01/04 14:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/01/04 14:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/01/04 14:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2011/12/20 04:38:38 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2011/12/20 04:38:36 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/12/20 04:38:36 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/12/14 17:26:56 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)

DRV:64bit: - [2011/12/13 23:43:58 | 000,308,560 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)

DRV:64bit: - [2011/12/13 23:43:58 | 000,185,464 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlusbaudio_x64.sys -- (dlusbaudio)

DRV:64bit: - [2011/12/13 23:43:58 | 000,038,400 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlcdcecm.sys -- (dlcdcecm)

DRV:64bit: - [2011/12/13 23:43:58 | 000,015,184 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)

DRV:64bit: - [2011/12/13 14:26:20 | 000,747,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)

DRV:64bit: - [2011/12/13 14:26:18 | 000,094,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)

DRV:64bit: - [2011/12/05 14:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)

DRV:64bit: - [2011/12/04 20:22:58 | 000,195,584 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)

DRV:64bit: - [2011/12/01 09:51:00 | 011,417,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2011/11/29 06:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/11/23 10:02:20 | 000,648,808 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/11/10 05:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011/09/23 02:20:50 | 000,080,688 | ---- | M] (Diskeeper Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\excsd.sys -- (excsd)

DRV:64bit: - [2011/09/23 02:20:50 | 000,023,344 | ---- | M] (Diskeeper Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\excfs.sys -- (excfs)

DRV:64bit: - [2011/09/22 01:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)

DRV:64bit: - [2011/08/17 03:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)

DRV:64bit: - [2009/07/13 19:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2013/06/13 15:19:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Endpoint Security 10 for Windows\avp.exe (Kaspersky Lab ZAO)

O4 - HKU\S-1-5-21-1546131121-51091919-2731318633-1007..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1546131121-51091919-2731318633-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1546131121-51091919-2731318633-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1546131121-51091919-2731318633-1007\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1546131121-51091919-2731318633-1007\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1917788917-318576682-1226110581-1190\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab (GpcContainer Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.101

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xxxxx.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DB2BF02-3910-4BF4-B9B8-E566BF31D6F6}: DhcpNameServer = 192.168.16.101

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB9E29BB-F069-445B-B646-7A2F02928075}: DhcpNameServer = 192.168.16.101

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/14 08:45:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013/06/14 07:51:23 | 000,000,000 | ---D | C] -- C:\a14abf0cb8b1dc1a22a3

[2013/06/13 15:46:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/13 08:11:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/06/13 08:11:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/06/13 08:11:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/06/13 08:11:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/06/13 08:11:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2013/06/13 08:11:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2013/06/13 08:11:34 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/06/13 08:11:34 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/06/13 08:11:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/06/13 08:11:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2013/06/13 08:11:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2013/06/13 08:11:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/06/13 08:11:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/06/13 08:11:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2013/06/13 08:11:29 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/06/13 08:07:10 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll

[2013/06/13 08:07:10 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll

[2013/06/13 08:06:50 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptdlg.dll

[2013/06/13 08:06:50 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptdlg.dll

[2013/06/13 08:05:31 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certenc.dll

[2013/06/13 08:05:31 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certenc.dll

[2013/06/13 08:05:27 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll

[2013/06/13 08:05:25 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll

[2013/06/13 08:05:25 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\certutil.exe

[2013/06/13 08:05:22 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\certutil.exe

[2013/06/11 17:03:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

[2013/06/11 17:03:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/06/11 16:59:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\MalwarebytesRootKit

[2013/06/10 09:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/06/10 09:07:54 | 000,000,000 | ---D | C] -- C:\windows\temp

[2013/06/10 08:32:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2013/06/10 08:32:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2013/06/10 08:32:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2013/06/10 08:31:41 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/06/10 08:31:11 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2013/05/16 12:28:56 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Aeroprobe

[2013/05/15 09:06:30 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys

[2013/05/15 09:06:30 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdd.dll

[2013/05/15 09:05:24 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe

[2013/05/15 09:05:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\shdocvw.dll

[2013/05/15 09:05:20 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll

[2013/05/15 09:05:20 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll

[2013/05/15 09:05:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wwanprotdim.dll

========== Files - Modified Within 30 Days ==========

[2013/06/14 08:41:40 | 000,782,986 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2013/06/14 08:41:40 | 000,663,260 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2013/06/14 08:41:40 | 000,122,096 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2013/06/14 08:03:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe

[2013/06/14 07:56:38 | 000,031,808 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/14 07:56:38 | 000,031,808 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/14 07:49:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2013/06/14 07:49:18 | 4065,890,303 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/13 17:07:52 | 000,010,341 | ---- | M] () -- C:\windows\M2MWin.ini

[2013/06/13 16:06:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

[2013/06/13 15:19:20 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2013/06/13 08:11:04 | 000,777,202 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2013/05/16 23:09:56 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2013/05/16 23:01:13 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2013/05/16 23:00:22 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll

[2013/05/16 22:56:09 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe

[2013/05/16 22:56:00 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll

[2013/05/16 22:55:59 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2013/05/16 22:54:09 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2013/05/16 22:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2013/05/16 22:46:31 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2013/05/16 18:27:30 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2013/05/16 18:26:07 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll

[2013/05/16 18:21:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe

[2013/05/16 18:21:34 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2013/05/16 18:17:21 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2013/05/16 18:12:55 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2013/05/15 09:09:33 | 000,479,168 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/06/10 08:32:20 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2013/06/10 08:32:20 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2013/06/10 08:32:20 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2013/06/10 08:32:20 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2013/06/10 08:32:20 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2013/03/29 14:01:43 | 000,010,341 | ---- | C] () -- C:\windows\M2MWin.ini

[2012/10/15 08:24:03 | 000,149,880 | ---- | C] () -- C:\windows\wiainst64.exe

[2012/08/31 16:17:40 | 000,000,017 | ---- | C] () -- C:\Users\user\AppData\Local\resmon.resmoncfg

[2012/08/13 15:05:19 | 000,073,382 | ---- | C] () -- C:\Users\user\results.htm

[2012/08/08 15:55:56 | 000,002,524 | RHS- | C] () -- C:\Users\user\ntuser.pol

[2012/08/08 13:28:29 | 000,777,202 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012/08/08 13:14:43 | 000,005,722 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/08/08 11:58:55 | 000,000,777 | ---- | C] () -- C:\windows\ODBCINST.INI

[2012/08/08 11:58:55 | 000,000,288 | ---- | C] () -- C:\windows\ODBC.INI

[2012/04/26 02:21:10 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe

[2012/04/26 00:41:54 | 000,013,738 | ---- | C] () -- C:\windows\HotFixList.ini

[2012/03/26 19:19:10 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin

[2012/03/26 19:19:08 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin

[2012/03/26 19:03:46 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012/03/26 17:53:42 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll

[2012/02/02 09:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

[2011/12/02 12:12:10 | 000,260,688 | ---- | C] () -- C:\windows\SUPDRun.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 09:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 09:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 09:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 6/14/2013 8:46:01 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.79 Gb Total Physical Memory | 5.44 Gb Available Physical Memory | 69.91% Memory free

15.57 Gb Paging File | 12.94 Gb Available in Paging File | 83.11% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 675.18 Gb Total Space | 607.87 Gb Free Space | 90.03% Space Free | Partition Type: NTFS

Drive E: | 1.86 Gb Total Space | 1.28 Gb Free Space | 68.59% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: user | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

"PolicyVersion" = 522

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]

"ComPlusNetworkAccess-DCOM-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@comres.dll,-3401|Desc=@comres.dll,-3402|EmbedCtxt=@comres.dll,-3400|

"ComPlusRemoteAdministration-DCOM-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\dllhost.exe|Svc=COMSysApp|Name=@comres.dll,-3406|Desc=@comres.dll,-3407|EmbedCtxt=@comres.dll,-3405|

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

"PolicyVersion" = 522

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]

"ComPlusNetworkAccess-DCOM-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=135|App=%systemroot%\system32\svchost.exe|Svc=rpcss|Name=@comres.dll,-3401|Desc=@comres.dll,-3402|EmbedCtxt=@comres.dll,-3400|

"ComPlusRemoteAdministration-DCOM-In" = v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\dllhost.exe|Svc=COMSysApp|Name=@comres.dll,-3406|Desc=@comres.dll,-3407|EmbedCtxt=@comres.dll,-3405|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{5E24A855-BA6E-4539-B73C-9B36E3E58C7E}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |

"{6B400178-30FB-4ABF-8BA1-80501538B216}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |

"{7CBFCDDF-81CE-4887-8817-A59B5F3FF576}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

"{B6FFCA6C-CB7F-41ED-9A55-BC9113746912}" = lport=15000 | protocol=17 | dir=in | name=kaspersky administration kit |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{030DF169-BB45-4E0D-9E76-DFE138128877}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{08894D37-DAE8-4265-934F-8017C9E822F0}" = protocol=17 | dir=in | app=c:\program files (x86)\kaspersky lab\networkagent\klnagwds.exe |

"{09BD2826-DF67-4995-93B0-DA6332F4A724}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{09BF9345-BCD7-4D97-A3DB-AE7F1EFBD591}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{1406B962-9D87-4E4F-AD61-D6C43D552A7F}" = protocol=6 | dir=in | app=c:\program files (x86)\kaspersky lab\networkagent\klnagwds.exe |

"{1F99AE11-FBF9-49FE-B9EE-B27495CEAE3C}" = protocol=6 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synchcon.exe |

"{275D409B-1F51-48D9-BEA9-D83F2F23235E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{28BBDF7F-B8D3-4B67-BD6C-8701FD3F061E}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |

"{29875B59-EE0D-4ECD-9531-2CEC4F7195DC}" = protocol=6 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synchcon.exe |

"{2B2EC3DD-95EB-4EB7-B4B1-B949B4611CB1}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{2FE6F65B-3AE4-401D-9A7F-1CACCA39F26E}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |

"{36C07E7E-27C2-43D7-AA55-3E1E96D91A6C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |

"{377A7CF9-6146-46C0-A39A-6E068320A305}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |

"{38E8F186-C769-465A-B1CB-927F72000013}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\7zs1c4.tmp\symnrt.exe |

"{3ECE5CE5-81EC-4893-BB27-2D6DB81D2159}" = protocol=17 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synch.exe |

"{4EDA6DA5-EB19-4162-BCA6-7DC7FA8A62FA}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |

"{51C32813-0009-4EF1-BC6C-AB239C45B841}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |

"{55BBC1A8-ACD6-4A2A-93CA-284B8FB30D4F}" = protocol=17 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synchcon.exe |

"{5C633422-2815-4713-BB2B-204BB695AD23}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{5CDA788A-945F-442D-92D2-D56415BC703F}" = protocol=6 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synch.exe |

"{60740D44-5D29-4952-8191-F870AEECCB94}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{64C26C84-ECDF-4404-B79A-0C52FD441CBC}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |

"{68FBB427-E118-4961-BD39-0B7A4F9E8166}" = protocol=17 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synchcon.exe |

"{6C03783B-6402-46C3-9ABC-4A4ED5AB44F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{6EE4C997-A43B-44E8-A610-46F988B0EB74}" = protocol=6 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synch.exe |

"{72ECD263-2412-45EE-A0AA-69ADF8667DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |

"{82B44B3C-92DD-4F24-9959-1720947A5671}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B5A76727-54A4-400B-8BFC-951A242AC9D8}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\7zs1c4.tmp\symnrt.exe |

"{B5F52022-F608-48E7-81E7-1731E29E6BA9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |

"{C5883280-A667-461D-8BA2-220C507CA857}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{CD402DDC-9377-41FF-B83C-87E5EDDDAF9E}" = protocol=6 | dir=in | app=c:\program files (x86)\kaspersky lab\networkagent\klnagwds.exe |

"{E09536AD-391E-42DB-83BB-11BE340D16DB}" = protocol=17 | dir=in | app=c:\program files (x86)\kaspersky lab\networkagent\klnagwds.exe |

"{E1199BF8-36A9-4068-BFAB-B70A966313F6}" = protocol=17 | dir=in | app=c:\program files (x86)\m2m planning and scheduling client\synch.exe |

"{E8F43064-4879-42EC-AE3A-B65FB33F7A5B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{F3283326-4107-43C4-979D-492FEE22EA95}" = protocol=6 | dir=in | app=c:\program files (x86)\kaspersky lab\networkagent\klnagwds.exe |

"{F59F6DC2-2C07-4B15-85BB-382D31D5BA30}" = protocol=17 | dir=in | app=c:\program files (x86)\kaspersky lab\networkagent\klnagwds.exe |

"{FA757F0D-4ECF-4D01-A0B8-220BF86CA9B5}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{04CF7FBD-E56C-446D-8FC9-DD444BDBEE8E}" = Kaspersky Endpoint Security 10 for Windows

"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center

"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client

"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio

"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio

"{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes

"{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}" = Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}" = Windows Small Business Server 2011 Standard ClientAgent

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{751EE164-9F12-4E57-ADB0-02D8F34A10AD}" = Microsoft SQL Server Native Client

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{860203FC-987D-4429-8A08-8332B21AD90E}" = S Agent

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BC0EEA2E-6557-4CBD-ACD9-4F59952761F9}" = TOSHIBA USB Display Drivers

"{CF8E264F-487C-4B67-A62D-124FCFD863EB}" = DisplayLink Core Software

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{DF7756DD-656A-45C3-BA71-74673E8259A9}" = Intel® PROSet/Wireless WiFi Software

"{F0932859-AA60-459E-B843-0BDECA34E2C7}" = Intel® PROSet/Wireless Software for Bluetooth® Technology

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F9EB0DDE-931C-4E89-96B2-DE8286EDFA6C}" = ExpressCache

"Elantech" = ETDWare PS/2-X64 10.7.16.1_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{119B7882-19D7-4BE7-A417-29BB479D3ABE}" = Multimedia POP

"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share

"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite

"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver

"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver

"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10

"{389F8A7A-8611-42E8-8169-20D2BAF0C595}" = Microsoft Office Live Meeting 2007

"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{48DB5914-8772-472D-B8DF-E2092BE598F6}" = Adobe Flash Player 10 ActiveX

"{51B1381C-9578-4DF6-9686-CE3A9DAC51FE}" = Made2Manage SQL Shop Floor Manager Client 1.33.109 GA

"{59682093-5797-4AD5-9B57-2A528DF5821A}" = ViewMate 11.4

"{64C4C1C8-D926-473C-A26B-E358C303508D}" = Made2Manage Client 601.402.402 SP3

"{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{655CD399-7DCD-4CBF-8D9C-3EFE2E9B22DD}" = Made2Manage Client 601.371.371 GA

"{70DCC1E1-508E-484B-A374-72C2E671EBEA}" = Made2Manage Planning and Scheduling Client 601.431.431 SP3

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7654C4E3-86E8-4CD4-B1CE-8DBEA82C36E2}" = LibreOffice 3.6

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{823FECEA-0C71-4DC7-BF4D-9EA361AD31DA}" = Made2Manage Classic Client 700.754.754 SP1

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIOR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIOR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIOR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIOR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.VISIOR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010

"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIOR_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.VISIOR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.VISIOR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010

"{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)

"{93F34C5C-ACAA-48F3-9B26-70359A117F12}" = Intel® WiDi

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent

"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)

"{AC76BA86-7AD7-2447-0000-A00000000003}" = Chinese Simplified Fonts Support For Adobe Reader X

"{AC76BA86-7AD7-5760-0000-A00000000003}" = Japanese Fonts Support For Adobe Reader X

"{BAA3C51A-9FF2-49B0-9821-76B0EF3C928D}" = LibreOffice 3.6 Help Pack (English)

"{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}" = Kaspersky Security Center Network Agent

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support

"{D52FC4BE-204A-49BC-84D6-443B6C7AA2D5}" = User Guide

"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English

"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration

"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5B5BA56-8FEB-494B-84E6-C8DA9C2BEE50}" = SW Update

"{F7A8377A-3062-43B8-94F4-4E30EA43A9E9}" = Windows Small Business Server 2011 Standard WMI Provider

"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime

"ActiveTouchMeetingClient" = Cisco WebEx Meetings

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"EXTECH INSTRUMENT" = EXTECH INSTRUMENT 3.08.01

"FileZilla Client" = FileZilla Client 3.6.0

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite

"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallWIX_{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}" = Kaspersky Security Center Network Agent

"Office14.VISIOR" = Microsoft Visio Professional 2010

"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/24/2013 4:19:48 PM | Computer Name = LAPTOP.xxxxx.local | Source = Application Hang | ID = 1002

Description = The program M2MSFM.EXE version 1.33.109.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1f68 Start

Time: 01ce410ae2be99b0 Termination Time: 15 Application Path: C:\Program Files (x86)\Made2Manage\SQL

Shop Floor Manager Client\M2MSFM.EXE Report Id:

Error - 4/24/2013 5:19:53 PM | Computer Name = LAPTOP.xxxxx.local | Source = Application Hang | ID = 1002

Description = The program m2m.exe version 601.402.402.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: d54 Start

Time: 01ce41315cbe2a0d Termination Time: 21248 Application Path: C:\Program Files

(x86)\Made2Manage\m2m.exe Report Id: a3cf7664-ad24-11e2-b5a0-e8039ab46efc

Error - 4/25/2013 8:01:39 AM | Computer Name = LAPTOP.xxxxx.local | Source = Microsoft-Windows-WMI | ID = 10

Description = Event filter with query "SELECT * FROM __InstanceModificationEvent

WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage

> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.

Events cannot be delivered through this filter until the problem is corrected.

Error - 4/25/2013 8:04:07 AM | Computer Name = LAPTOP.xxxxx.local | Source = Application Error | ID = 1000

Description = Faulting application name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Faulting module name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Exception code: 0xc0000417 Fault offset: 0x000000000001ea44 Faulting

process id: 0x1a74 Faulting application start time: 0x01ce41acfba1625d Faulting application

path: C:\windows\system32\igfxext.exe Faulting module path: C:\windows\system32\igfxext.exe

Report

Id: 3aecb1ed-ada0-11e2-b06d-0050b6560795

Error - 4/25/2013 8:04:07 AM | Computer Name = LAPTOP.xxxx.local | Source = Application Error | ID = 1000

Description = Faulting application name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Faulting module name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Exception code: 0xc0000417 Fault offset: 0x000000000001ea44 Faulting

process id: 0x1ad0 Faulting application start time: 0x01ce41acfbc4efca Faulting application

path: C:\windows\system32\igfxext.exe Faulting module path: C:\windows\system32\igfxext.exe

Report

Id: 3aecd8fd-ada0-11e2-b06d-0050b6560795

Error - 4/26/2013 7:53:18 AM | Computer Name = LAPTOP.xxxxx.local | Source = Microsoft-Windows-WMI | ID = 10

Description = Event filter with query "SELECT * FROM __InstanceModificationEvent

WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage

> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.

Events cannot be delivered through this filter until the problem is corrected.

Error - 4/26/2013 7:54:36 AM | Computer Name = LAPTOP.xxxxx.local | Source = Application Error | ID = 1000

Description = Faulting application name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Faulting module name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Exception code: 0xc0000417 Fault offset: 0x000000000001ea44 Faulting

process id: 0xd14 Faulting application start time: 0x01ce4274d187a23e Faulting application

path: C:\windows\system32\igfxext.exe Faulting module path: C:\windows\system32\igfxext.exe

Report

Id: 10b478b8-ae68-11e2-8ee2-c485081fe8b0

Error - 4/26/2013 7:54:36 AM | Computer Name = LAPTOP.xxxxx.local | Source = Application Error | ID = 1000

Description = Faulting application name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Faulting module name: igfxext.exe, version: 8.15.10.2712, time

stamp: 0x4f710c3a Exception code: 0xc0000417 Fault offset: 0x000000000001ea44 Faulting

process id: 0xd08 Faulting application start time: 0x01ce4274d0c78ed0 Faulting application

path: C:\windows\system32\igfxext.exe Faulting module path: C:\windows\system32\igfxext.exe

Report

Id: 10b451a8-ae68-11e2-8ee2-c485081fe8b0

Error - 4/26/2013 3:02:40 PM | Computer Name = LAPTOP.xxxxx.local | Source = Application Hang | ID = 1002

Description = The program m2m.exe version 700.754.754.0 stopped interacting with

Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 10c0 Start

Time: 01ce429ed8fa5ee0 Termination Time: 16 Application Path: C:\Program Files (x86)\Consona\Made2Manage

Client\m2m.exe Report Id:

Error - 4/26/2013 5:22:29 PM | Computer Name = LAPTOP.xxxxx.local | Source = Microsoft-Windows-WMI | ID = 10

Description = Event filter with query "SELECT * FROM __InstanceModificationEvent

WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage

> 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003.

Events cannot be delivered through this filter until the problem is corrected.

[ Kaspersky Event Log Events ]

Error - 6/13/2013 3:33:25 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/13/2013 3:46:34 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/13/2013 4:02:28 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/13/2013 4:19:05 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/13/2013 4:29:08 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/13/2013 4:45:22 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/13/2013 5:01:09 PM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/14/2013 7:50:18 AM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/14/2013 8:06:02 AM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

Error - 6/14/2013 8:21:46 AM | Computer Name = LAPTOP.xxxxx.local | Source = klnagent | ID = 1

Description = Error: call getsockname returns address 127.0.0.1 for the remote connection.

This computer will be unavailable from the Admimnistration Server side.

[ Media Center Events ]

Error - 5/17/2013 9:01:06 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 9:00:59 AM - Failed to retrieve Broadband (Error: The request failed

with HTTP status 403: Forbidden.)

Error - 5/17/2013 10:01:10 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 10:01:09 AM - Failed to retrieve Directory (Error: The request failed

with HTTP status 403: Forbidden.)

Error - 5/17/2013 10:01:11 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 10:01:11 AM - Failed to retrieve NetTV (Error: The request failed

with HTTP status 403: Forbidden.)

Error - 5/17/2013 10:01:11 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 10:01:11 AM - Failed to retrieve MCESpotlight (Error: The request

failed with HTTP status 403: Forbidden.)

Error - 5/17/2013 10:01:12 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 10:01:11 AM - Failed to retrieve MCEClientUX (Error: The request failed

with HTTP status 403: Forbidden.)

Error - 5/17/2013 10:01:13 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 10:01:13 AM - Failed to retrieve Broadband (Error: Invalid security

token.)

Error - 5/17/2013 11:01:18 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 11:01:18 AM - Failed to retrieve Directory (Error: Invalid security

token.)

Error - 5/17/2013 11:01:42 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 11:01:42 AM - Failed to retrieve MCEClientUX (Error: The request failed

with HTTP status 403: Forbidden.)

Error - 5/17/2013 11:01:43 AM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 11:01:42 AM - Failed to retrieve Broadband (Error: The request failed

with HTTP status 403: Forbidden.)

Error - 5/17/2013 12:01:49 PM | Computer Name = LAPTOP.xxxxx.local | Source = MCUpdate | ID = 0

Description = 12:01:49 PM - Failed to retrieve MCEClientUX (Error: The request failed

with HTTP status 403: Forbidden.)

[ OSession Events ]

Error - 3/13/2013 9:38:32 AM | Computer Name = LAPTOP.xxxxx.local | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 1/21/2013 8:55:45 AM | Computer Name = LAPTOP.xxxxx.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain xxxxx due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 1/21/2013 8:56:07 AM | Computer Name = LAPTOP.xxxxx.local | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SWIPsec

Error - 1/21/2013 8:59:21 AM | Computer Name = LAPTOP.xxxxxx.local | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 1/21/2013 8:59:23 AM | Computer Name = LAPTOP.xxxxx.local | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 1/21/2013 10:08:23 AM | Computer Name = LAPTOP.xxxxx.local | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 1/21/2013 10:08:25 AM | Computer Name = LAPTOP.xxxxx.local | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 1/21/2013 10:08:45 AM | Computer Name = LAPTOP.xxxxx.local | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 1/21/2013 10:08:47 AM | Computer Name = LAPTOP.xxxxx.local | Source = iaStor | ID = 262153

Description = The device, \Device\Ide\iaStor0, did not respond within the timeout

period.

Error - 1/21/2013 5:50:09 PM | Computer Name = LAPTOP.xxxxx.local | Source = NETLOGON | ID = 5719

Description = This computer was not able to set up a secure session with a domain

controller

in domain xxxxx due to the following: %%1311 This may lead to authentication problems.

Make sure that this computer is connected to the network. If the problem persists,

please

contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller

for the specified domain, it sets up the secure session to the primary domain controller

emulator in the specified domain. Otherwise, this computer sets up the secure session

to any domain controller in the specified domain.

Error - 1/21/2013 5:50:16 PM | Computer Name = LAPTOP.xxxxx.local | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

SWIPsec

< End of report >


Ok, I ran the AdwareCleaner but got an error. "H:\AdwareCleaner[R3].txt the specified path does not exist, Check the path and then try again." H:\ is a network drive that the laptop does have access to but I could find no way to tell it to put the scan on the C:\ drive or on the desktop.

It sounds to me like you may have saved it to a removable hard drive. Is that where you ran the program from?


How do you edit a post? I can't find an edit button.

It should be right next to the Quote and MultiQuote buttons in the bottom-right corner of each of your posts ;).

Try running AdwCleaner again. It should just open a logfile when you're done. Try saving that manually, then uploading it here.


Nope, all I have at the bottom of my posts is "Back to top & Report" on the left bottom and "MultiQuote & Quote" on the right bottom of my post. If you have the permissions to do so you have my permission to remove it from my post or remove the whole post if you wish.

When I get the error the error box only has an Ok button and when I click that it just goes back to AdwCleaner like it was when you first double click it. I checked the C:\ for the log file and it apparently doesn't create one since it was looking on the H:\ drive. I didn't think to look on the H:\ drive to see if it did in fact put one there even though it was throwing an error.


The user's account should be an administrator's account. Some of the software we run can only be run in an administrator's account, which I think is insane, but there is nothing I can do. I will check and see if running AdwCleaner as administrator works and let you know.


Ok, I tried running AdwCleaner again, this time by right-clicking and selecting "Run As Administrator". Still the same error. I am running from the C:\ drive, on the user's desktop. I can't figure out why it is looking at the H:\ drive. That is where the employees store their company files and folders; each employee has his/her own folder on the H:\ drive. But it is just a mapped drive. It is not set up as a default drive or anything like that. They can save files anywhere on their computer they want, but the H:\ drive is backed up in case of a computer crash.

I did notice that when I start AdwCleaner it has one button that is "Uninstall", but the AdwCleaner I downloaded does not install. It is just an executable like Combofix.


Unfortunately the user with the laptop is out of the plant this week. Won't be back until Monday. With my luck will probably have something new when he gets back. So I guess we are on hold here for this week. On a good note, I have managed to get my boss to understand that this is simply not a "Run a couple of scans we are good to go" deal any more. We are going to have a discussion today or tomorrow about getting procedures in place for dealing with issues like this. That should hopefully make my job easier by letting them know that they are going to have to release their laptops to IT for cleanup following a suspected problem. At least it's a start.
