Trojan/Rootkit infection, ISP shut down internet, logs provided.


zma1013

So it started with a warning from the ISP that the internet was temporarily shut down because of a Trojan detected. At first I thought it may have been a fake message, but it turned out to be legit, and so I scanned the computer with Windows Defender and it found 2 files; they were located in the Win32 folder, named "Sirefef.AN" and "Sirefef.gen!D". After this, I downloaded Malwarebytes Anti-Malware and ran a quick scan and a full scan, and it found a bunch of stuff including a rootkit. MBAM and DDS logs are posted below in the order in which I scanned.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Sharon :: SHARON-PC [administrator]

11/19/2013 8:34:10 PM
mbam-log-2013-11-19 (20-34-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218653
Time elapsed: 4 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybbrmon.exe (PUP.Optional.MindSpark) -> 3576 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 99
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GOOGLEUPDATE.EXE (Rootkit.0Access) -> Quarantined and deleted successfully.
HKCR\CLSID\{0a4d512d-697e-4ad5-872d-5a9941af6ebb} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyScrapNook_12bar Uninstall Firefox (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{c260adf2-154f-4227-9c73-651e25f22cbb} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{049BCB76-CEF4-43C9-9F4D-4539C7DE9742} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SettingsPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SettingsPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A4D512D-697E-4AD5-872D-5A9941AF6EBB} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{33119133-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{13119113-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\EasyHomeDecorating_73.SkinLauncher.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\EasyHomeDecorating_73.SkinLauncher (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{03119103-0854-469d-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\Interface\{23119123-0854-469D-807A-171568457991} (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\EasyHomeDecorating_73.SkinLauncherSettings.1 (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\EasyHomeDecorating_73.SkinLauncherSettings (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{508c38b8-e848-49eb-9f84-ab81ddad2b58} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{34afd9f3-f1b2-4e3d-9836-04c592956564} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{0fa48495-56eb-4eba-be5f-183846983a48} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{098E4E5F-7877-4EBE-9A51-49CDEFBED242} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.PseudoTransparentPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.PseudoTransparentPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{508C38B8-E848-49EB-9F84-AB81DDAD2B58} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{ba339ddb-918b-42f5-b582-88ab854c42ac} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{8a3b777d-5f5b-448d-b3cd-fdf00932306d} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{2addcc11-40ad-4244-afc6-90feeb3bb2e9} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{943D23D4-4C0C-4668-AE21-3483CCA4DCEF} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.RadioSettings.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.RadioSettings (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.Radio.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.Radio (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{bb2e53cf-c096-40b0-a485-03134f164470} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BB2E53CF-C096-40B0-A485-03134F164470} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{fe6f06fb-0fc0-4499-828f-ee48088f504f} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE6F06FB-0FC0-4499-828F-EE48088F504F} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6F06FB-0FC0-4499-828F-EE48088F504F} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Typelib\{FAE20193-DC28-4E42-8D12-DB0C2C898B11} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\Interface\{4C0961A5-3F88-4055-A100-106AFEC2CF9E} (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.DynamicBarButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.DynamicBarButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.FeedManager (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.FeedManager.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLMenu (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLMenu.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLPanel (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.HTMLPanel.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.MultipleButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.MultipleButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ScriptButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ScriptButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncher (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncher.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncherSettings (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.SkinLauncherSettings.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ThirdPartyInstaller (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ThirdPartyInstaller.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ToolbarProtector (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.ToolbarProtector.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.UrlAlertButton (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.UrlAlertButton.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.XMLSessionPlugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\MyScrapNook_12.XMLSessionPlugin.1 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyScrapNook_12 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyScrapNook_12 (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MozillaPlugins\@MyScrapNook_12.com/Plugin (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{f45b09b0-01d1-4e04-ae42-8650196f04cc} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{71593183-19ab-4fb2-9477-0c396e232ce8} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{1606FE93-4CB7-4C6A-9947-7362FDB6C121} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{122e5f70-9c86-4e54-ac4c-d85d003b9935} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{dd51b24f-4ad0-43e2-83bb-ed9af4475a0d} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{0CEC5206-43FA-4BC8-91A7-DC5B121F7960} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{9d691733-7ee6-48e6-adae-2be39b132bd1} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{9664e31f-b2bc-4de2-87c7-43694e33ecc4} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{661A3047-196C-40BE-B957-98532655A787} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{4aee45aa-b3b1-4eff-ba81-3e3afa0fbfb9} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{c80ddfba-1646-4b6d-845f-85288c7b8201} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{c43dde8b-9428-4c43-9a64-fc66912fe6a4} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{DFF78A48-9941-4ABF-8E21-E1D66F6AF4B1} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{5DB6F0A5-C6E8-41C6-B88A-94551911A53F} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5DB6F0A5-C6E8-41C6-B88A-94551911A53F} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{c401ebc5-c988-48d7-a721-42c59fb48d0d} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{e9934f5d-7a0f-4240-a709-11c91854ce21} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{4EECBA27-86E3-49FF-9084-986F22CFDE7B} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{0f2a56e1-2b3f-4a50-9f44-946532ab3279} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{ee718602-1282-4d49-ac4e-afab43840b99} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a7d84ee2-a611-4726-b353-3732a55c734c} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{3EA07715-76B5-4572-85D4-592263F48907} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EE718602-1282-4D49-AC4E-AFAB43840B99} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{69b8636b-4a89-4e55-bcf3-a45464ad2171} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{ccea288e-f1bf-4044-b3e9-e41b1656084c} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{a12635f7-09ea-479c-8fa0-65c98b053c3a} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{0C40607D-5922-4D40-9AAF-8AF96DF5C704} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCEA288E-F1BF-4044-B3E9-E41B1656084C} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{ffbe11e1-494b-4396-895e-9776dc069ab7} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\CLSID\{25d62e1a-bd8b-4e6e-b7cc-1e0ee04a4622} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\TypeLib\{4a9994e4-a107-4c07-abe2-832242bf8486} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKCR\Interface\{962DE9EA-6508-4D38-B5A1-EA8E431CF0A0} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25D62E1A-BD8B-4E6E-B7CC-1E0EE04A4622} (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Google Update (Rootkit.0Access) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WebfettiIE Browser Plugin Loader (PUP.Optional.MindSpark) -> Data: C:\PROGRA~2\WEBFET~2\bar\1.bin\ybbrmon.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|12ffxtbr@MyScrapNook_12.com (PUP.Optional.MyScrapNook.A) -> Data: C:\Program Files (x86)\MyScrapNook_12\bar\1.bin -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Program Files (x86)\MyScrapNook_12 (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\chrome (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\ThirdPartyInstallers (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\gen1 (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\IE9Mesg (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\Message (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\Settings (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.

Files Detected: 61
C:\Users\Sharon\AppData\Local\Google\Desktop\Install\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\❤≸⋙\Ⱒ☠⍨\‮๛\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\GoogleUpdate.exe (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bar.dll (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73sknlcr.dll (PUP.Optional.FunWebProducts.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skin.dll (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12radio.dll (PUP.Optional.MyScrapNook.A) -> Quarantined and deleted successfully.
C:\Users\Sharon\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybbrmon.exe (PUP.Optional.MindSpark) -> Delete on reboot.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12auxstb.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12barsvc.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12bprtct.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brmon.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12brstub.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12datact.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dlghk.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12dyn.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12feedmg.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12highin.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12hkstub.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12htmlmu.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12httpct.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12idle.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12ieovr.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12impipe.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12medint.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12mlbtn.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12msg.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12Plugin.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regfft.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12reghk.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12regiet.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12script.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12sknlcr.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12skplay.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrcAs.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12SrchMn.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12tpinst.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\12uabtn.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\AppIntegrator64.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\AppIntegratorStub64.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\BOOTSTRAP.JS (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\CHROME.MANIFEST (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\CREXT.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\CrExtP12.exe (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\DPNMNGR.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\EXEMANAGER.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\Hpg64.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\INSTALL.RDF (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\installKeys.js (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\LOGO.BMP (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\NP12Stub.dll (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8EXTEX.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8EXTPEX.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8HTML.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8RES.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\T8TICKER.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\VERIFY.DLL (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\1.bin\chrome\12ffxtbr.jar (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\gen1\COMMON.T8S (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\IE9Mesg\COMMON.T8S (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\Message\COMMON.T8S (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.
C:\Program Files (x86)\MyScrapNook_12\bar\Settings\s_pid.dat (PUP.Optional.Mindspark) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Sharon :: SHARON-PC [administrator]

11/19/2013 8:43:04 PM
mbam-log-2013-11-19 (20-43-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405859
Time elapsed: 49 minute(s), 53 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Sharon\AppData\Local\Google\Desktop\Install\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\❤≸⋙\Ⱒ☠⍨\‮๛\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.17.2
Run by Sharon at 18:18:46 on 2013-11-21
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2102 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\system32\lxdncoms.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\WEBFET~2\bar\1.bin\ybbarsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\vds.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\dinotify.exe
C:\Users\Sharon\AppData\Local\ATT Connect\Participant\pull.exe
C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\PX Storage Engine\VxBlockServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Windows\System32\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\mpas-fe_bd.exe
c:\846a1a0cdd3d2709dbdbb7a189\MpSigStub.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

uURLSearchHooks: <No Name>: {d664042c-ca70-48b6-afc9-24a4212d5e43} - C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybSrcAs.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Assistant BHO: {a504d73b-32d5-4b53-9dfc-0891be7653f0} - C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybSrcAs.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Toolbar BHO: {d826715f-a629-4613-a641-5ca18e8b2f7a} - C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Webfetti: {94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC} - C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybbar.dll
TB: Webfetti: {94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - C:\Program Files (x86)\WebfettiIE\bar\1.bin\ybbar.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Push Client] C:\Users\Sharon\AppData\Local\ATT Connect\Participant\pull.exe
uRun: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe -s
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
mRun: [CPMonitor] "C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com




TCP: NameServer = 192.168.1.1
TCP: Interfaces\{01954E65-7364-4F73-B4B3-6BEBD9FCE621} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{25015EC4-9D6E-4B07-AC28-3B70590AF8BD} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [lxdnmon.exe] "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll



x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-4-10 55280]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.EXE [2013-7-23 193696]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-23 127352]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 lxdn_device;lxdn_device;C:\Windows\System32\lxdncoms.exe -service --> C:\Windows\System32\lxdncoms.exe -service [?]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-4-10 705856]
R2 WebfettiIEService;Webfetti Service;C:\PROGRA~2\WEBFET~2\bar\1.bin\ybbarsvc.exe [2010-12-15 28766]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-11 56344]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-4-11 321064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [2009-7-24 219632]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE [2013-7-23 240288]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 nosGetPlusHelper;getPlus® Installer;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 RoxMediaDB12;RoxMediaDB12;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [2009-7-24 1116656]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-16 1255736]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-11-21 23:18:46 -------- d-----w- C:\846a1a0cdd3d2709dbdbb7a189
2013-11-21 23:17:16 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34A7DF4C-D31A-4597-9CA2-3681294C6D07}\offreg.dll
2013-11-20 01:32:52 -------- d-----w- C:\Users\Sharon\AppData\Roaming\Malwarebytes
2013-11-20 01:32:46 -------- d-----w- C:\ProgramData\Malwarebytes
2013-11-20 01:32:45 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-11-20 01:32:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-20 01:32:29 -------- d-----w- C:\Users\Sharon\AppData\Local\Programs
2013-11-15 23:39:21 -------- d-----w- C:\Users\Sharon\AppData\Local\{A69C7BB7-D117-49E2-95E7-AFFFCA968188}
2013-11-15 22:37:26 10280728 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34A7DF4C-D31A-4597-9CA2-3681294C6D07}\mpengine.dll
2013-11-13 21:35:38 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-11-10 22:46:16 -------- d-----w- C:\Users\Sharon\AppData\Local\{33CB2D96-4068-4A3A-9030-D0B31723DBEE}
.
==================== Find3M  ====================
.
2013-10-12 08:45:20 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:03:50 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-09 01:36:19 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:36:19 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-10-03 02:23:48 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 02:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 18:20:00.06 ===============

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2010 5:40:27 PM
System Uptime: 11/21/2013 6:13:08 PM (0 hours ago)
.
Motherboard: Dell Inc. |  | 033FF6
Processor: Intel® Core i3 CPU         530  @ 2.93GHz | CPU 1 | 2933/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 917 GiB total, 832.641 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
Y: is FIXED (NTFS) - 15 GiB total, 10.06 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP295: 11/8/2013 8:37:53 PM - Windows Update
RP296: 11/13/2013 4:28:39 PM - Windows Update
RP297: 11/14/2013 3:00:34 AM - Windows Update
RP298: 11/16/2013 3:00:30 AM - Windows Update
RP299: 11/17/2013 3:00:35 AM - Windows Update
RP301: 11/19/2013 8:30:31 PM - Windows Defender Checkpoint
RP302: 11/21/2013 6:18:19 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.3
Adobe Shockwave Player 11.5
Amazon Kindle For PC v1.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Connect Participant Application v8.9.35
Bing Bar
Bing Rewards Client Installer
Bonjour
CinemaNow Media Manager
Compatibility Pack for the 2007 Office system
Consumer In-Home Service Agreement
Corel WordPerfect Office - iFilter 64 Bit
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Edoc Viewer
Dell Getting Started Guide
Dell Support Center (Support Software)
DirectX 9 Runtime
EasyHomeDecorating Firefox Toolbar
getPlus+® Download Manager for Corel
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Photo Creations
HP Update
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 17
Java Auto Updater
Java 6 Update 17 (64-bit)
Junk Mail filter update
Lexmark 2600 Series
Malwarebytes Anti-Malware version 1.75.0.1300
Medialink MWN-USB150N
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multi PDF Converter
PowerDVD DX
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Burn
Roxio Burn Manager
Roxio Burn Manager CDB
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Creator 2009 Special Edition
Roxio Creator 2010 Content
Roxio Creator 2010 Special Edition
Roxio PhotoShow
Roxio Venue
Roxio Video Capture USB
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SmartSound Quicktracks Plugin
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VD64Inst
Webfetti
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WordPerfect Lightning
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X5
WordPerfect Office X5 - Common
Wordperfect Office X5 - EN
WordPerfect Office X5 - Filters
WordPerfect Office X5 - Graphics
WordPerfect Office X5 - IPM
WordPerfect Office X5 - LegalTools
WordPerfect Office X5 - Migration Manager
WordPerfect Office X5 - Oxford
WordPerfect Office X5 - PerfectExperts EN
WordPerfect Office X5 - PR
WordPerfect Office X5 - QP
WordPerfect Office X5 - Setup Files
WordPerfect Office X5 - Sharepoint
WordPerfect Office X5 - Skins
WordPerfect Office X5 - System EN
WordPerfect Office X5 - Templates
WordPerfect Office X5 - WP
WordPerfect Office X5 - WT
Yahoo! BrowserPlus 2.9.2
.
==== Event Viewer Messages From Past Week ========
.
11/21/2013 6:14:00 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 12 service to connect.
11/16/2013 3:08:39 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
.
==== End Of File ===========================

 


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found); we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan.
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


Before you posted, I installed Microsoft Security Essentials and did a full scan and it found and removed some things. It found and removed more Sirefef.AN and similarly named things. I also ran the scan that you said and the log is below.

 

13:42:05.0467 0x09a0  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
13:42:10.0177 0x09a0  ============================================================
13:42:10.0177 0x09a0  Current date / time: 2013/11/22 13:42:10.0177
13:42:10.0177 0x09a0  SystemInfo:
13:42:10.0177 0x09a0 
13:42:10.0177 0x09a0  OS Version: 6.1.7601 ServicePack: 1.0
13:42:10.0177 0x09a0  Product type: Workstation
13:42:10.0177 0x09a0  ComputerName: SHARON-PC
13:42:10.0193 0x09a0  UserName: Sharon
13:42:10.0193 0x09a0  Windows directory: C:\Windows
13:42:10.0193 0x09a0  System windows directory: C:\Windows
13:42:10.0193 0x09a0  Running under WOW64
13:42:10.0193 0x09a0  Processor architecture: Intel x64
13:42:10.0193 0x09a0  Number of processors: 4
13:42:10.0193 0x09a0  Page size: 0x1000
13:42:10.0193 0x09a0  Boot type: Normal boot
13:42:10.0193 0x09a0  ============================================================
13:42:14.0508 0x09a0  KLMD registered as C:\Windows\system32\drivers\28709425.sys
13:42:14.0727 0x09a0  System UUID: {2D5EF639-57F0-147C-A02D-B245DACC2E27}
13:42:15.0242 0x09a0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:42:15.0273 0x09a0  ============================================================
13:42:15.0273 0x09a0  \Device\Harddisk0\DR0:
13:42:15.0273 0x09a0  MBR partitions:
13:42:15.0273 0x09a0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x95800, BlocksNum 0x1D4C000
13:42:15.0273 0x09a0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1DE1800, BlocksNum 0x72924DB0
13:42:15.0273 0x09a0  ============================================================
13:42:15.0288 0x09a0  C: <-> \Device\Harddisk0\DR0\Partition2
13:42:15.0288 0x09a0  ============================================================
13:42:15.0288 0x09a0  Initialize success
13:42:15.0288 0x09a0  ============================================================
13:42:23.0750 0x149c  ============================================================
13:42:23.0750 0x149c  Scan started
13:42:23.0750 0x149c  Mode: Manual;
13:42:23.0750 0x149c  ============================================================
13:42:23.0750 0x149c  KSN ping started
13:42:26.0709 0x149c  KSN ping finished: true
13:42:27.0255 0x149c  ================ Scan system memory ========================
13:42:27.0255 0x149c  System memory - ok
13:42:27.0255 0x149c  ================ Scan services =============================
13:42:27.0395 0x149c  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
13:42:27.0411 0x149c  1394ohci - ok
13:42:27.0473 0x149c  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:42:27.0473 0x149c  ACPI - ok
13:42:27.0505 0x149c  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
13:42:27.0505 0x149c  AcpiPmi - ok
13:42:27.0614 0x149c  [ A283108E14F3970432C21AF4C0CB1BCE, 1D3219EF916D54232838870EDE557296AACB714B456ED0AAE0DE3CE3822F4643 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:42:27.0629 0x149c  AdobeFlashPlayerUpdateSvc - ok
13:42:27.0676 0x149c  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
13:42:27.0692 0x149c  adp94xx - ok
13:42:27.0707 0x149c  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
13:42:27.0723 0x149c  adpahci - ok
13:42:27.0723 0x149c  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
13:42:27.0739 0x149c  adpu320 - ok
13:42:27.0754 0x149c  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
13:42:27.0754 0x149c  AeLookupSvc - ok
13:42:27.0832 0x149c  [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD             C:\Windows\system32\drivers\afd.sys
13:42:27.0848 0x149c  AFD - ok
13:42:27.0884 0x149c  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
13:42:27.0884 0x149c  agp440 - ok
13:42:27.0900 0x149c  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
13:42:27.0900 0x149c  ALG - ok
13:42:27.0931 0x149c  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
13:42:27.0931 0x149c  aliide - ok
13:42:27.0978 0x149c  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
13:42:27.0978 0x149c  amdide - ok
13:42:27.0993 0x149c  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
13:42:28.0009 0x149c  AmdK8 - ok
13:42:28.0009 0x149c  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
13:42:28.0024 0x149c  AmdPPM - ok
13:42:28.0040 0x149c  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:42:28.0040 0x149c  amdsata - ok
13:42:28.0071 0x149c  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
13:42:28.0087 0x149c  amdsbs - ok
13:42:28.0102 0x149c  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:42:28.0102 0x149c  amdxata - ok
13:42:28.0134 0x149c  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
13:42:28.0134 0x149c  AppID - ok
13:42:28.0165 0x149c  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:42:28.0165 0x149c  AppIDSvc - ok
13:42:28.0196 0x149c  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
13:42:28.0196 0x149c  Appinfo - ok
13:42:28.0290 0x149c  [ D503DF3ABA595F551B98B9BAE017A271, 5841084D6BFB5A96387309323411C711D4EF2C8F9334435418DAE3D5623EC324 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:42:28.0290 0x149c  Apple Mobile Device - ok
13:42:28.0305 0x149c  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
13:42:28.0321 0x149c  arc - ok
13:42:28.0321 0x149c  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
13:42:28.0336 0x149c  arcsas - ok
13:42:28.0352 0x149c  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
13:42:28.0352 0x149c  AsyncMac - ok
13:42:28.0383 0x149c  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:42:28.0383 0x149c  atapi - ok
13:42:28.0446 0x149c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:42:28.0461 0x149c  AudioEndpointBuilder - ok
13:42:28.0477 0x149c  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
13:42:28.0492 0x149c  AudioSrv - ok
13:42:28.0524 0x149c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:42:28.0524 0x149c  AxInstSV - ok
13:42:28.0555 0x149c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:42:28.0555 0x149c  b06bdrv - ok
13:42:28.0586 0x149c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:42:28.0586 0x149c  b57nd60a - ok
13:42:28.0695 0x149c  [ 369C1928C9BBED65C9E347448BD376B0, FFADEEBD2A24EB2C362958FAE467F7B319D9AE1EE9B5724CDB6B70FBE31E6EE8 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe
13:42:28.0695 0x149c  BBSvc - ok
13:42:28.0726 0x149c  [ 54949AFAC5CE6FA2E4D7846D4362BAB3, 1C7025FF250023991BB719C5E03C9F9EB861E08F3B11DFB2AFDC83A81F6A39DD ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe
13:42:28.0726 0x149c  BBUpdate - ok
13:42:28.0742 0x149c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:42:28.0742 0x149c  BDESVC - ok
13:42:28.0758 0x149c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:42:28.0758 0x149c  Beep - ok
13:42:28.0836 0x149c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:42:28.0851 0x149c  BFE - ok
13:42:28.0929 0x149c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:42:28.0960 0x149c  BITS - ok
13:42:28.0976 0x149c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:42:28.0976 0x149c  blbdrive - ok
13:42:29.0038 0x149c  [ EBAD0F51D8D4DADE7660B1851ADDBD07, 50B4F56AD618B420F77DB8B7E01D3849CCE880660C095163391C335C94D09783 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
13:42:29.0070 0x149c  Bonjour Service - ok
13:42:29.0101 0x149c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:42:29.0101 0x149c  bowser - ok
13:42:29.0116 0x149c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:42:29.0116 0x149c  BrFiltLo - ok
13:42:29.0132 0x149c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:42:29.0132 0x149c  BrFiltUp - ok
13:42:29.0163 0x149c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:42:29.0179 0x149c  Browser - ok
13:42:29.0210 0x149c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:42:29.0226 0x149c  Brserid - ok
13:42:29.0241 0x149c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:42:29.0241 0x149c  BrSerWdm - ok
13:42:29.0257 0x149c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:42:29.0257 0x149c  BrUsbMdm - ok
13:42:29.0257 0x149c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:42:29.0272 0x149c  BrUsbSer - ok
13:42:29.0288 0x149c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:42:29.0288 0x149c  BTHMODEM - ok
13:42:29.0319 0x149c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:42:29.0319 0x149c  bthserv - ok
13:42:29.0335 0x149c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:42:29.0350 0x149c  cdfs - ok
13:42:29.0397 0x149c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
13:42:29.0397 0x149c  cdrom - ok
13:42:29.0444 0x149c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:42:29.0444 0x149c  CertPropSvc - ok
13:42:29.0491 0x149c  [ 127D4D0E9F78834FFD1EEEA3FCFB47C1, 1273165D69EFD70812A8FD274AAD768D406CA8CD35FB8240FD9F73DD82F1F064 ] CinemaNow Service C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
13:42:30.0167 0x149c  CinemaNow Service - ok
13:42:30.0182 0x149c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:42:30.0182 0x149c  circlass - ok
13:42:30.0213 0x149c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:42:30.0213 0x149c  CLFS - ok
13:42:30.0260 0x149c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:42:30.0260 0x149c  clr_optimization_v2.0.50727_32 - ok
13:42:30.0307 0x149c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:42:30.0307 0x149c  clr_optimization_v2.0.50727_64 - ok
13:42:30.0385 0x149c  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:42:30.0416 0x149c  clr_optimization_v4.0.30319_32 - ok
13:42:30.0463 0x149c  [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:42:30.0463 0x149c  clr_optimization_v4.0.30319_64 - ok
13:42:30.0479 0x149c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:42:30.0479 0x149c  CmBatt - ok
13:42:30.0510 0x149c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:42:30.0510 0x149c  cmdide - ok
13:42:30.0572 0x149c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:42:30.0588 0x149c  CNG - ok
13:42:30.0603 0x149c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:42:30.0603 0x149c  Compbatt - ok
13:42:30.0650 0x149c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:42:30.0650 0x149c  CompositeBus - ok
13:42:30.0666 0x149c  COMSysApp - ok
13:42:30.0681 0x149c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:42:30.0681 0x149c  crcdisk - ok
13:42:30.0728 0x149c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:42:30.0728 0x149c  CryptSvc - ok
13:42:30.0791 0x149c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:42:30.0806 0x149c  DcomLaunch - ok
13:42:30.0837 0x149c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:42:30.0837 0x149c  defragsvc - ok
13:42:30.0884 0x149c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:42:30.0884 0x149c  DfsC - ok
13:42:30.0931 0x149c  [ B9430166FEB246F6070A62B3554932C9, 677DE435AA5C1FBFC0171384D4B7CED2EA6B0F8567540DB9DE454AC6D4A7C1D7 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
13:42:30.0931 0x149c  dg_ssudbus - ok
13:42:30.0993 0x149c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:42:31.0009 0x149c  Dhcp - ok
13:42:31.0025 0x149c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:42:31.0025 0x149c  discache - ok
13:42:31.0040 0x149c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:42:31.0040 0x149c  Disk - ok
13:42:31.0087 0x149c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:42:31.0087 0x149c  Dnscache - ok
13:42:31.0181 0x149c  [ 0840ABBBDF438691EE65A20040635CBE, F83597ECECFADBA45242B683A19A01ADF84203B016301B64530C7BE8234175E8 ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
13:42:31.0181 0x149c  DockLoginService - ok
13:42:31.0227 0x149c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:42:31.0243 0x149c  dot3svc - ok
13:42:31.0259 0x149c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:42:31.0274 0x149c  DPS - ok
13:42:31.0305 0x149c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:42:31.0305 0x149c  drmkaud - ok
13:42:31.0368 0x149c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:42:31.0383 0x149c  DXGKrnl - ok
13:42:31.0415 0x149c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:42:31.0415 0x149c  EapHost - ok
13:42:31.0508 0x149c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:42:31.0617 0x149c  ebdrv - ok
13:42:31.0649 0x149c  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
13:42:31.0664 0x149c  EFS - ok
13:42:31.0727 0x149c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:42:31.0758 0x149c  ehRecvr - ok
13:42:31.0789 0x149c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:42:31.0789 0x149c  ehSched - ok
13:42:31.0843 0x149c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:42:31.0848 0x149c  elxstor - ok
13:42:31.0895 0x149c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:42:31.0895 0x149c  ErrDev - ok
13:42:31.0926 0x149c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:42:31.0942 0x149c  EventSystem - ok
13:42:31.0957 0x149c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:42:31.0957 0x149c  exfat - ok
13:42:31.0973 0x149c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:42:31.0989 0x149c  fastfat - ok
13:42:32.0020 0x149c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:42:32.0035 0x149c  Fax - ok
13:42:32.0035 0x149c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:42:32.0035 0x149c  fdc - ok
13:42:32.0067 0x149c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:42:32.0067 0x149c  fdPHost - ok
13:42:32.0067 0x149c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:42:32.0082 0x149c  FDResPub - ok
13:42:32.0082 0x149c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:42:32.0082 0x149c  FileInfo - ok
13:42:32.0098 0x149c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:42:32.0098 0x149c  Filetrace - ok
13:42:32.0113 0x149c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:42:32.0113 0x149c  flpydisk - ok
13:42:32.0129 0x149c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:42:32.0145 0x149c  FltMgr - ok
13:42:32.0223 0x149c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:42:32.0269 0x149c  FontCache - ok
13:42:32.0301 0x149c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:42:32.0316 0x149c  FontCache3.0.0.0 - ok
13:42:32.0332 0x149c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:42:32.0332 0x149c  FsDepends - ok
13:42:32.0363 0x149c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:42:32.0363 0x149c  Fs_Rec - ok
13:42:32.0410 0x149c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:42:32.0425 0x149c  fvevol - ok
13:42:32.0441 0x149c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:42:32.0441 0x149c  gagp30kx - ok
13:42:32.0457 0x149c  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:42:32.0457 0x149c  GEARAspiWDM - ok
13:42:32.0519 0x149c  [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
13:42:32.0519 0x149c  GoToAssist - ok
13:42:32.0597 0x149c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:42:32.0644 0x149c  gpsvc - ok
13:42:32.0722 0x149c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:42:32.0737 0x149c  gupdate - ok
13:42:32.0769 0x149c  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:42:32.0769 0x149c  gupdatem - ok
13:42:32.0831 0x149c  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:42:32.0831 0x149c  gusvc - ok
13:42:32.0862 0x149c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:42:32.0862 0x149c  hcw85cir - ok
13:42:32.0893 0x149c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:42:32.0909 0x149c  HdAudAddService - ok
13:42:32.0940 0x149c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
13:42:32.0956 0x149c  HDAudBus - ok
13:42:32.0987 0x149c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
13:42:32.0987 0x149c  HECIx64 - ok
13:42:33.0003 0x149c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:42:33.0003 0x149c  HidBatt - ok
13:42:33.0018 0x149c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:42:33.0018 0x149c  HidBth - ok
13:42:33.0034 0x149c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:42:33.0034 0x149c  HidIr - ok
13:42:33.0065 0x149c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:42:33.0065 0x149c  hidserv - ok
13:42:33.0112 0x149c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
13:42:33.0112 0x149c  HidUsb - ok
13:42:33.0159 0x149c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:42:33.0159 0x149c  hkmsvc - ok
13:42:33.0190 0x149c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:42:33.0205 0x149c  HomeGroupListener - ok
13:42:33.0237 0x149c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:42:33.0252 0x149c  HomeGroupProvider - ok
13:42:33.0268 0x149c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:42:33.0268 0x149c  HpSAMD - ok
13:42:33.0330 0x149c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:42:33.0361 0x149c  HTTP - ok
13:42:33.0393 0x149c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:42:33.0393 0x149c  hwpolicy - ok
13:42:33.0424 0x149c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:42:33.0439 0x149c  i8042prt - ok
13:42:33.0471 0x149c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:42:33.0486 0x149c  iaStorV - ok
13:42:33.0564 0x149c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:42:33.0627 0x149c  idsvc - ok
13:42:33.0990 0x149c  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:42:34.0334 0x149c  igfx - ok
13:42:34.0365 0x149c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:42:34.0380 0x149c  iirsp - ok
13:42:34.0443 0x149c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:42:34.0458 0x149c  IKEEXT - ok
13:42:34.0568 0x149c  [ EE64207F2F5C20BFE5F73DB2566C4601, 760874FA661EC86B25802BFC03E238EA2DCBB5AFD3444AC5101A0C3AD4D7BED9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:42:34.0614 0x149c  IntcAzAudAddService - ok
13:42:34.0646 0x149c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:42:34.0646 0x149c  intelide - ok
13:42:34.0661 0x149c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:42:34.0661 0x149c  intelppm - ok
13:42:34.0708 0x149c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:42:34.0724 0x149c  IPBusEnum - ok
13:42:34.0770 0x149c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:42:34.0770 0x149c  IpFilterDriver - ok
13:42:34.0817 0x149c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:42:34.0848 0x149c  iphlpsvc - ok
13:42:34.0880 0x149c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:42:34.0880 0x149c  IPMIDRV - ok
13:42:34.0895 0x149c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:42:34.0895 0x149c  IPNAT - ok
13:42:34.0958 0x149c  [ 83C32C907AE4936D62235E2B4EE2174A, 15BAC2006C2CA6A7285DAB537DAF4084B4FAAE6AC1172D8047B3879E52E7200C ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:42:34.0973 0x149c  iPod Service - ok
13:42:34.0989 0x149c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:42:34.0989 0x149c  IRENUM - ok
13:42:35.0020 0x149c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:42:35.0020 0x149c  isapnp - ok
13:42:35.0067 0x149c  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:42:35.0067 0x149c  iScsiPrt - ok
13:42:35.0098 0x149c  [ 9D7EA8C7215D8D4AE7BE110EEE61085D, C8AEC99985AEAD52FA4FA14DA98EE465594EA1392E2010D0B474CD467D766EE8 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
13:42:35.0114 0x149c  k57nd60a - ok
13:42:35.0129 0x149c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:42:35.0129 0x149c  kbdclass - ok
13:42:35.0160 0x149c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:42:35.0160 0x149c  kbdhid - ok
13:42:35.0176 0x149c  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\Windows\system32\lsass.exe
13:42:35.0176 0x149c  KeyIso - ok
13:42:35.0223 0x149c  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:42:35.0223 0x149c  KSecDD - ok
13:42:35.0238 0x149c  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:42:35.0254 0x149c  KSecPkg - ok
13:42:35.0254 0x149c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:42:35.0254 0x149c  ksthunk - ok
13:42:35.0301 0x149c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:42:35.0316 0x149c  KtmRm - ok
13:42:35.0363 0x149c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:42:35.0363 0x149c  LanmanServer - ok
13:42:35.0394 0x149c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:42:35.0410 0x149c  LanmanWorkstation - ok
13:42:35.0441 0x149c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:42:35.0441 0x149c  lltdio - ok
13:42:35.0472 0x149c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:42:35.0488 0x149c  lltdsvc - ok
13:42:35.0504 0x149c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:42:35.0504 0x149c  lmhosts - ok
13:42:35.0519 0x149c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
13:42:35.0519 0x149c  LSI_FC - ok
13:42:35.0550 0x149c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
13:42:35.0550 0x149c  LSI_SAS - ok
13:42:35.0550 0x149c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:42:35.0550 0x149c  LSI_SAS2 - ok
13:42:35.0566 0x149c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:42:35.0566 0x149c  LSI_SCSI - ok
13:42:35.0566 0x149c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:42:35.0582 0x149c  luafv - ok
13:42:35.0597 0x149c  lxdn_device - ok
13:42:35.0644 0x149c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:42:35.0644 0x149c  Mcx2Svc - ok
13:42:35.0660 0x149c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
13:42:35.0675 0x149c  megasas - ok
13:42:35.0691 0x149c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
13:42:35.0706 0x149c  MegaSR - ok
13:42:35.0784 0x149c  Microsoft SharePoint Workspace Audit Service - ok
13:42:35.0818 0x149c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:42:35.0821 0x149c  MMCSS - ok
13:42:35.0836 0x149c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:42:35.0836 0x149c  Modem - ok
13:42:35.0883 0x149c  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:42:35.0883 0x149c  monitor - ok
13:42:35.0914 0x149c  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:42:35.0914 0x149c  mouclass - ok
13:42:35.0945 0x149c  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:42:35.0945 0x149c  mouhid - ok
13:42:35.0977 0x149c  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:42:35.0992 0x149c  mountmgr - ok
13:42:36.0039 0x149c  [ C6B88D62F20AC646C6BD5C032EC2FAF9, 111A07939F3C5A46F0C51B9D6F5C1D8478099E32EFD88BC260467109ADD975F8 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
13:42:36.0055 0x149c  MpFilter - ok
13:42:36.0070 0x149c  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:42:36.0086 0x149c  mpio - ok
13:42:36.0101 0x149c  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:42:36.0101 0x149c  mpsdrv - ok
13:42:36.0164 0x149c  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:42:36.0211 0x149c  MpsSvc - ok
13:42:36.0242 0x149c  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:42:36.0257 0x149c  MRxDAV - ok
13:42:36.0289 0x149c  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:42:36.0304 0x149c  mrxsmb - ok
13:42:36.0335 0x149c  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:42:36.0351 0x149c  mrxsmb10 - ok
13:42:36.0382 0x149c  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:42:36.0382 0x149c  mrxsmb20 - ok
13:42:36.0413 0x149c  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:42:36.0429 0x149c  msahci - ok
13:42:36.0460 0x149c  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:42:36.0476 0x149c  msdsm - ok
13:42:36.0491 0x149c  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:42:36.0507 0x149c  MSDTC - ok
13:42:36.0523 0x149c  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:42:36.0523 0x149c  Msfs - ok
13:42:36.0523 0x149c  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:42:36.0538 0x149c  mshidkmdf - ok
13:42:36.0569 0x149c  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:42:36.0569 0x149c  msisadrv - ok
13:42:36.0601 0x149c  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:42:36.0601 0x149c  MSiSCSI - ok
13:42:36.0601 0x149c  msiserver - ok
13:42:36.0632 0x149c  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:42:36.0632 0x149c  MSKSSRV - ok
13:42:36.0679 0x149c  [ 7675E15D1B2180745E4DA4D26AAD7385, 729AA6C610F67028CFFFF64B772FFA1CAE7581D37F8909BDA423D52AF85C92C8 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:42:36.0694 0x149c  MsMpSvc - ok
13:42:36.0710 0x149c  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:42:36.0710 0x149c  MSPCLOCK - ok
13:42:36.0725 0x149c  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:42:36.0725 0x149c  MSPQM - ok
13:42:36.0772 0x149c  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:42:36.0772 0x149c  MsRPC - ok
13:42:36.0803 0x149c  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:42:36.0803 0x149c  mssmbios - ok
13:42:36.0819 0x149c  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:42:36.0819 0x149c  MSTEE - ok
13:42:36.0835 0x149c  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
13:42:36.0850 0x149c  MTConfig - ok
13:42:36.0866 0x149c  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:42:36.0866 0x149c  Mup - ok
13:42:36.0913 0x149c  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:42:36.0944 0x149c  napagent - ok
13:42:37.0006 0x149c  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:42:37.0022 0x149c  NativeWifiP - ok
13:42:37.0084 0x149c  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:42:37.0147 0x149c  NDIS - ok
13:42:37.0162 0x149c  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:42:37.0162 0x149c  NdisCap - ok
13:42:37.0193 0x149c  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:42:37.0193 0x149c  NdisTapi - ok
13:42:37.0225 0x149c  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:42:37.0225 0x149c  Ndisuio - ok
13:42:37.0271 0x149c  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:42:37.0271 0x149c  NdisWan - ok
13:42:37.0303 0x149c  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:42:37.0318 0x149c  NDProxy - ok
13:42:37.0318 0x149c  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:42:37.0318 0x149c  NetBIOS - ok
13:42:37.0365 0x149c  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:42:37.0365 0x149c  NetBT - ok
13:42:37.0381 0x149c  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
13:42:37.0396 0x149c  Netlogon - ok
13:42:37.0427 0x149c  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:42:37.0427 0x149c  Netman - ok
13:42:37.0459 0x149c  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:42:37.0474 0x149c  netprofm - ok
13:42:37.0521 0x149c  [ 91C1AF448975764538F3B5CF9526CC3C, 10777763F1E97818A0354331A87A0543764675FD510C3BFA767DCEC47F21D023 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
13:42:37.0552 0x149c  netr28ux - ok
13:42:37.0583 0x149c  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:42:37.0599 0x149c  NetTcpPortSharing - ok
13:42:37.0630 0x149c  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
13:42:37.0630 0x149c  nfrd960 - ok
13:42:37.0677 0x149c  [ ACE8C64C57E4A711473C8BC10ADF692B, 53D8083CE78DB5527080B4570AC28ABAA262667744A319707AE0C46E46B297F9 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:42:37.0693 0x149c  NisDrv - ok
13:42:37.0724 0x149c  [ 6247E8B31ED0A9D6BC5A26276E49BEB3, 230C0C560492C454B9EB14B50EB4A78DC74FAB6B662449A0EA3114B3E671BFF3 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
13:42:37.0739 0x149c  NisSrv - ok
13:42:37.0786 0x149c  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:42:37.0786 0x149c  NlaSvc - ok
13:42:37.0838 0x149c  [ E1C26934003C81F40570818F786F5BE6, 3A242B85C0C21F8E93C2F177F7443ACFBA65E2D1A750ECB494FAD1BEA0AD2D8D ] nosGetPlusHelper C:\Program Files (x86)\NOS\bin\getPlus_Helper_3001.dll
13:42:37.0838 0x149c  nosGetPlusHelper - ok
13:42:37.0854 0x149c  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:42:37.0854 0x149c  Npfs - ok
13:42:37.0869 0x149c  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:42:37.0869 0x149c  nsi - ok
13:42:37.0885 0x149c  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:42:37.0885 0x149c  nsiproxy - ok
13:42:37.0978 0x149c  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:42:38.0025 0x149c  Ntfs - ok
13:42:38.0041 0x149c  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:42:38.0041 0x149c  Null - ok
13:42:38.0088 0x149c  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:42:38.0088 0x149c  nvraid - ok
13:42:38.0134 0x149c  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:42:38.0150 0x149c  nvstor - ok
13:42:38.0181 0x149c  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:42:38.0197 0x149c  nv_agp - ok
13:42:38.0212 0x149c  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:42:38.0228 0x149c  ohci1394 - ok
13:42:38.0275 0x149c  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:42:38.0290 0x149c  ose - ok
13:42:38.0493 0x149c  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:42:38.0649 0x149c  osppsvc - ok
13:42:38.0680 0x149c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:42:38.0696 0x149c  p2pimsvc - ok
13:42:38.0727 0x149c  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
13:42:38.0727 0x149c  p2psvc - ok
13:42:38.0758 0x149c  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
13:42:38.0758 0x149c  Parport - ok
13:42:38.0774 0x149c  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:42:38.0790 0x149c  partmgr - ok
13:42:38.0790 0x149c  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:42:38.0805 0x149c  PcaSvc - ok
13:42:38.0836 0x149c  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
13:42:38.0836 0x149c  pci - ok
13:42:38.0868 0x149c  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
13:42:38.0883 0x149c  pciide - ok
13:42:38.0914 0x149c  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
13:42:38.0914 0x149c  pcmcia - ok
13:42:38.0930 0x149c  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:42:38.0946 0x149c  pcw - ok
13:42:38.0961 0x149c  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:42:38.0977 0x149c  PEAUTH - ok
13:42:39.0055 0x149c  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:42:39.0055 0x149c  PerfHost - ok
13:42:39.0148 0x149c  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
13:42:39.0195 0x149c  pla - ok
13:42:39.0242 0x149c  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:42:39.0258 0x149c  PlugPlay - ok
13:42:39.0273 0x149c  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:42:39.0273 0x149c  PNRPAutoReg - ok
13:42:39.0289 0x149c  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:42:39.0304 0x149c  PNRPsvc - ok
13:42:39.0320 0x149c  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:42:39.0336 0x149c  PolicyAgent - ok
13:42:39.0351 0x149c  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
13:42:39.0367 0x149c  Power - ok
13:42:39.0414 0x149c  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
13:42:39.0429 0x149c  PptpMiniport - ok
13:42:39.0445 0x149c  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
13:42:39.0445 0x149c  Processor - ok
13:42:39.0476 0x149c  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:42:39.0492 0x149c  ProfSvc - ok
13:42:39.0507 0x149c  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\Windows\system32\lsass.exe
13:42:39.0507 0x149c  ProtectedStorage - ok
13:42:39.0554 0x149c  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
13:42:39.0554 0x149c  Psched - ok
13:42:39.0601 0x149c  [ A6A7AD767BF5141665F5C675F671B3E1, 11D43F732C3B82679E53516F83E675B60B0EFEDE3F4EE3C42AC752AD8D5155AF ] PSI_SVC_2       c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
13:42:39.0616 0x149c  PSI_SVC_2 - ok
13:42:39.0648 0x149c  [ 4712CC14E720ECCCC0AA16949D18AAF1, AF0223D118A25CA14EC1AF8A40A793D3CBCBE3576CCACBCD4F9A3D3F10407262 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
13:42:39.0648 0x149c  PxHlpa64 - ok
13:42:39.0741 0x149c  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
13:42:39.0824 0x149c  ql2300 - ok
13:42:39.0840 0x149c  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
13:42:39.0840 0x149c  ql40xx - ok
13:42:39.0855 0x149c  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
13:42:39.0871 0x149c  QWAVE - ok
13:42:39.0887 0x149c  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:42:39.0887 0x149c  QWAVEdrv - ok
13:42:39.0887 0x149c  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:42:39.0902 0x149c  RasAcd - ok
13:42:39.0918 0x149c  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
13:42:39.0918 0x149c  RasAgileVpn - ok
13:42:39.0933 0x149c  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
13:42:39.0933 0x149c  RasAuto - ok
13:42:39.0949 0x149c  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
13:42:39.0949 0x149c  Rasl2tp - ok
13:42:39.0996 0x149c  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
13:42:39.0996 0x149c  RasMan - ok
13:42:40.0011 0x149c  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:42:40.0011 0x149c  RasPppoe - ok
13:42:40.0027 0x149c  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
13:42:40.0027 0x149c  RasSstp - ok
13:42:40.0058 0x149c  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:42:40.0058 0x149c  rdbss - ok
13:42:40.0074 0x149c  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
13:42:40.0074 0x149c  rdpbus - ok
13:42:40.0089 0x149c  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
13:42:40.0089 0x149c  RDPCDD - ok
13:42:40.0105 0x149c  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
13:42:40.0105 0x149c  RDPENCDD - ok
13:42:40.0105 0x149c  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
13:42:40.0121 0x149c  RDPREFMP - ok
13:42:40.0152 0x149c  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
13:42:40.0152 0x149c  RDPWD - ok
13:42:40.0183 0x149c  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:42:40.0183 0x149c  rdyboost - ok
13:42:40.0199 0x149c  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:42:40.0199 0x149c  RemoteAccess - ok
13:42:40.0230 0x149c  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:42:40.0230 0x149c  RemoteRegistry - ok
13:42:40.0261 0x149c  [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:42:40.0261 0x149c  RimUsb - ok
13:42:40.0386 0x149c  [ FF578453D3B3ADAAB22D7151D7F9E592, FC961869B9439A096CFCE1FA682A32F539467A2424FD0FED3304F7C64AC934BE ] RoxMediaDB12    C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
13:42:40.0417 0x149c  RoxMediaDB12 - ok
13:42:40.0448 0x149c  [ 71B38B8DF1A9B55FC0FB64958CC7B9DD, E674112AF22C3A2E1E1D0431D36D76CAF6F86A624E9B09D200FAEE465F759671 ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
13:42:40.0464 0x149c  RoxWatch12 - ok
13:42:40.0479 0x149c  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:42:40.0495 0x149c  RpcEptMapper - ok
13:42:40.0511 0x149c  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
13:42:40.0511 0x149c  RpcLocator - ok
13:42:40.0542 0x149c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
13:42:40.0542 0x149c  RpcSs - ok
13:42:40.0557 0x149c  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
13:42:40.0573 0x149c  rspndr - ok
13:42:40.0573 0x149c  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs           C:\Windows\system32\lsass.exe
13:42:40.0589 0x149c  SamSs - ok
13:42:40.0620 0x149c  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:42:40.0620 0x149c  sbp2port - ok
13:42:40.0651 0x149c  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:42:40.0651 0x149c  SCardSvr - ok
13:42:40.0682 0x149c  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:42:40.0682 0x149c  scfilter - ok
13:42:40.0745 0x149c  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
13:42:40.0776 0x149c  Schedule - ok
13:42:40.0807 0x149c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:42:40.0823 0x149c  SCPolicySvc - ok
13:42:40.0869 0x149c  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:42:40.0869 0x149c  SDRSVC - ok
13:42:40.0885 0x149c  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
13:42:40.0885 0x149c  secdrv - ok
13:42:40.0932 0x149c  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
13:42:40.0932 0x149c  seclogon - ok
13:42:40.0947 0x149c  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
13:42:40.0947 0x149c  SENS - ok
13:42:40.0963 0x149c  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:42:40.0963 0x149c  SensrSvc - ok
13:42:40.0979 0x149c  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
13:42:40.0979 0x149c  Serenum - ok
13:42:41.0010 0x149c  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
13:42:41.0010 0x149c  Serial - ok
13:42:41.0041 0x149c  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
13:42:41.0041 0x149c  sermouse - ok
13:42:41.0072 0x149c  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
13:42:41.0088 0x149c  SessionEnv - ok
13:42:41.0119 0x149c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:42:41.0119 0x149c  sffdisk - ok
13:42:41.0119 0x149c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:42:41.0135 0x149c  sffp_mmc - ok
13:42:41.0135 0x149c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:42:41.0135 0x149c  sffp_sd - ok
13:42:41.0150 0x149c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:42:41.0150 0x149c  sfloppy - ok
13:42:41.0244 0x149c  [ 38F88F0DF46C4D42125EF721ABD7F6B9, 8CE1D5D0905F7CC7826036763600AD041B87E340DA8D6D64EA34CC48F2FA9B7B ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:42:41.0259 0x149c  SftService - ok
13:42:41.0291 0x149c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:42:41.0306 0x149c  SharedAccess - ok
13:42:41.0322 0x149c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:42:41.0322 0x149c  ShellHWDetection - ok
13:42:41.0337 0x149c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:42:41.0353 0x149c  SiSRaid2 - ok
13:42:41.0369 0x149c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:42:41.0369 0x149c  SiSRaid4 - ok
13:42:41.0384 0x149c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:42:41.0400 0x149c  Smb - ok
13:42:41.0431 0x149c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:42:41.0431 0x149c  SNMPTRAP - ok
13:42:41.0431 0x149c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:42:41.0431 0x149c  spldr - ok
13:42:41.0493 0x149c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:42:41.0525 0x149c  Spooler - ok
13:42:41.0665 0x149c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:42:41.0795 0x149c  sppsvc - ok
13:42:41.0810 0x149c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:42:41.0810 0x149c  sppuinotify - ok
13:42:41.0888 0x149c  [ D630B6F2E8379B6F10DC16E82A426552, 9F7949B11BCEF55B38119ED45BD92117A8551BEC8A2BCD88EA89707C48120F1B ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
13:42:41.0904 0x149c  sprtsvc_DellSupportCenter - ok
13:42:41.0951 0x149c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:42:41.0966 0x149c  srv - ok
13:42:42.0013 0x149c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:42:42.0029 0x149c  srv2 - ok
13:42:46.0532 0x149c  ================ Scan MBR ==================================
13:42:46.0532 0x149c  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
13:42:46.0766 0x149c  \Device\Harddisk0\DR0 - ok
13:42:46.0766 0x149c  ================ Scan VBR ==================================
13:42:46.0766 0x149c  [ 446D6EBAFA984EFA48CE3F0277F0E1D1 ] \Device\Harddisk0\DR0\Partition1
13:42:46.0766 0x149c  \Device\Harddisk0\DR0\Partition1 - ok
13:42:46.0781 0x149c  [ D29B5602D86E19B93E8CC33C11A304C2 ] \Device\Harddisk0\DR0\Partition2
13:42:46.0781 0x149c  \Device\Harddisk0\DR0\Partition2 - ok
13:42:46.0781 0x149c  Waiting for KSN requests completion. In queue: 285
13:42:47.0785 0x149c  Waiting for KSN requests completion. In queue: 285
13:42:48.0799 0x149c  Waiting for KSN requests completion. In queue: 285
13:42:49.0802 0x149c  Waiting for KSN requests completion. In queue: 285
13:42:50.0832 0x149c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.4.304.0 ), 0x61000 ( enabled : updated )
13:42:50.0863 0x149c  Win FW state via NFP2: enabled
13:42:53.0694 0x149c  ============================================================
13:42:53.0694 0x149c  Scan finished
13:42:53.0694 0x149c  ============================================================
13:42:53.0696 0x14b0  Detected object count: 0
13:42:53.0696 0x14b0  Actual detected object count: 0
13:47:54.0222 0x09c4  Deinitialize success
 


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


ComboFix 13-11-23.02 - Sharon 11/25/2013  19:12:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2447 [GMT -5:00]
Running from: c:\users\Sharon\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\progra~2\WEBFET~2\bar\1.bin\ybBAr.dll
c:\program files (x86)\WebfettiIE\bar\1.bin\ybBAr.dll
c:\program files (x86)\WebfettiIE\bar\1.bin\ybSRcas.dll
c:\programdata\3F434C3071.sys
c:\users\Sharon\AppData\Local\Google\Desktop\Install
c:\users\Sharon\AppData\Local\Google\Desktop\Install\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\2E2F~1\28F0~1\E628~1\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\00000004.@
c:\users\Sharon\AppData\Local\Google\Desktop\Install\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\2E2F~1\28F0~1\E628~1\{c8ec1f45-ba17-d39f-eb4e-c2ba1cb08ee4}\L\76603ac3
c:\users\Sharon\jni_wavelet.dll
c:\users\Sharon\PicOpRTL.dll
c:\windows\PFRO.log
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))
.
.
2013-11-26 00:17 . 2013-11-26 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-21 23:35 . 2013-10-17 16:14 965000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8E3ED9A-4AF7-464D-8C00-B99D7E89C77D}\gapaengine.dll
2013-11-21 23:35 . 2013-11-18 06:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5BA1B484-F57E-4AC5-B6E6-9E86317D1F62}\mpengine.dll
2013-11-21 23:32 . 2013-11-21 23:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-11-21 23:32 . 2013-11-21 23:32 -------- d-----w- c:\program files\Microsoft Security Client
2013-11-21 23:20 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3984139A-D3E8-41AB-9C23-5D2CEA45E9A2}\mpengine.dll
2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\users\Sharon\AppData\Roaming\Malwarebytes
2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\programdata\Malwarebytes
2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-20 01:32 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\users\Sharon\AppData\Local\Programs
2013-11-13 21:35 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-19 10:21 . 2012-04-17 22:43 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 08:01 . 2010-04-16 23:57 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-06 14:00 . 2010-06-07 01:24 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2013-10-17 16:18 . 2013-09-12 14:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-17 16:18 . 2013-09-12 14:13 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-10-17 16:18 . 2013-09-12 14:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-10-10 07:35 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-09 01:36 . 2013-01-31 22:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-09-27 14:53 . 2013-09-27 14:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-14 01:31 . 2010-06-07 01:24 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-09-14 01:31 . 2010-06-07 01:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-09-12 14:12 . 2010-06-07 01:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-09-08 02:30 . 2013-10-09 13:56 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 13:56 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 13:56 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 13:56 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 13:56 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 13:56 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 13:56 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 13:56 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 13:56 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 13:56 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-29 02:17 . 2013-10-09 13:56 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 13:56 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 13:56 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 13:56 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 13:56 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 13:56 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 13:56 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 13:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 13:56 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 13:56 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 13:56 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 13:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 13:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 13:56 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 13:56 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 13:56 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 13:56 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 13:56 461312 ----a-w- c:\windows\system32\scavengeui.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-07-23 06:46 1451680 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]
"Push Client"="c:\users\Sharon\AppData\Local\ATT Connect\Participant\pull.exe" [2010-06-03 965872]
"Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2010-03-12 136600]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-15 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nosGetPlusHelper;getPlus® Installer;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 WebfettiIEService;Webfetti Service;c:\progra~2\WEBFET~2\bar\1.bin\ybbarsvc.exe;c:\progra~2\WEBFET~2\bar\1.bin\ybbarsvc.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ    nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-16 08:05 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 01:36]
.
2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 11:58]
.
2013-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 11:58]
.
2013-11-22 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-09-03 03:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"EzPrint"="c:\program files (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: cinemanow.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.1.1

.
- - - - ORPHANS REMOVED - - - -
.
BHO-{a504d73b-32d5-4b53-9dfc-0891be7653f0} - c:\program files (x86)\WebfettiIE\bar\1.bin\ybSrcAs.dll
BHO-{d826715f-a629-4613-a641-5ca18e8b2f7a} - c:\progra~2\WEBFET~2\bar\1.bin\ybbar.dll
Toolbar-Locked - (no file)
Toolbar-{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc} - c:\program files (x86)\WebfettiIE\bar\1.bin\ybbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3088017440-685475391-1946536634-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3088017440-685475391-1946536634-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-11-25  19:19:02
ComboFix-quarantined-files.txt  2013-11-26 00:19
.
Pre-Run: 894,883,844,096 bytes free
Post-Run: 896,404,754,432 bytes free
.
- - End Of File - - 311F614257EF3632F7C7CD5D5490C911
CDB4DE4BBD714F152979DA2DCBEF57EB
 

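The ComboFix output above is a flat dump of autostart locations, and the helper has to pick the Webfetti toolbar, the getPlus service hosted in svchost.exe and the Trusted Zone additions out of several hundred lines by eye. The script below is an added example written for this page; it is not part of the original post and not ComboFix's own code. It parses the log's registry-value, service, svchost-group and Trusted Zone lines into records and applies a few triage heuristics that are the editor's assumptions rather than ComboFix semantics: entries the log tags `[bU]` instead of a date and size, paths under the WebfettiIE toolbar tree that this run deleted, autostarts whose binary sits in a user-writable profile directory, a third-party service run inside svchost.exe through its own service group, and any site placed in the IE Trusted Zone. The `SUSPECT_DIRS` and `REMOVED_TOOLBAR` patterns are likewise assumptions; the sample lines are copied from the log above.

```python
"""Triage of ComboFix 'Reg Loading Points' output (added example, not ComboFix code)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied verbatim from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a504d73b-32d5-4b53-9dfc-0891be7653f0}]
c:\program files (x86)\WebfettiIE\bar\1.bin\ybSrcAs.dll [bU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}"= "c:\program files (x86)\WebfettiIE\bar\1.bin\ybbar.dll" [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]
"Push Client"="c:\users\Sharon\AppData\Local\ATT Connect\Participant\pull.exe" [2010-06-03 965872]
.
R3 nosGetPlusHelper;getPlus® Installer;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 WebfettiIEService;Webfetti Service;c:\progra~2\WEBFET~2\bar\1.bin\ybbarsvc.exe;c:\progra~2\WEBFET~2\bar\1.bin\ybbarsvc.exe [x]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
.
Trusted Zone: cinemanow.com
Trusted Zone: sonic.com\redirect
"""


@dataclass
class Entry:
    kind: str      # "reg", "service", "svchost_group" or "trusted_zone"
    location: str  # registry key, service start type, or zone name
    name: str      # value name, service name, svchost group name, or host
    path: str      # binary path (or group members for a svchost group)
    tag: str       # trailing bracket text such as "[bU]", "[x]", "[2010-10-10 39408]"


# Line shapes as they appear in ComboFix's "Reg Loading Points" section.
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<path>[^"\[]+?)"?\s*(?P<tag>\[[^\]]*\])?\s*$')
BARE_RE = re.compile(r"^(?P<path>[a-z]:\\[^\[]+?)\s*(?P<tag>\[[^\]]*\])?\s*$", re.I)
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^;]+);"
    r"(?P<native>[^\[]+?)\s*(?P<tag>\[[^\]]*\])?\s*$"
)
SVCHOST_RE = re.compile(r"^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<members>.+)$")
ZONE_RE = re.compile(r"^Trusted Zone:\s*(?P<host>\S+)$")

# Editor's assumptions: patterns worth a second look, not ComboFix definitions.
SUSPECT_DIRS = re.compile(r"\\(appdata|temp)\\", re.I)   # user-writable profile directories
REMOVED_TOOLBAR = re.compile(r"webfet", re.I)            # WebfettiIE / WEBFET~2 tree deleted in this run


def parse(text: str) -> list[Entry]:
    """Turn the flat log into Entry records, remembering the current registry key."""
    entries: list[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            key = m["key"]
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("service", m["start"], m["name"], m["path"], m["tag"] or ""))
        elif m := SVCHOST_RE.match(line):
            entries.append(Entry("svchost_group", key, m["group"], m["members"].strip(), ""))
        elif m := ZONE_RE.match(line):
            entries.append(Entry("trusted_zone", "IE Trusted Zone", m["host"], "", ""))
        elif m := VALUE_RE.match(line):
            entries.append(Entry("reg", key, m["name"], m["path"].strip(), m["tag"] or ""))
        elif m := BARE_RE.match(line):
            entries.append(Entry("reg", key, "(default)", m["path"].strip(), m["tag"] or ""))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, list[str]]]:
    """Apply the heuristics above; each hit is a lead to verify, not a verdict."""
    custom_groups = {e.name for e in entries if e.kind == "svchost_group"}
    findings = []
    for e in entries:
        reasons = []
        if e.tag == "[bU]":
            reasons.append("tagged [bU] by ComboFix instead of a date/size stamp")
        if REMOVED_TOOLBAR.search(e.path):
            reasons.append("points into the WebfettiIE toolbar tree deleted in this run")
        if e.kind == "reg" and SUSPECT_DIRS.search(e.path):
            reasons.append("autostart binary lives in a user-writable profile directory")
        if e.kind == "service" and e.path.lower().endswith("svchost.exe") and e.name in custom_groups:
            reasons.append("third-party service hosted by svchost.exe through its own service group")
        if e.kind == "trusted_zone":
            reasons.append("site added to the IE Trusted Zone (relaxed security settings)")
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == "__main__":
    for entry, why in triage(parse(SAMPLE_LOG)):
        print(f"{entry.kind:14} {entry.name:40} {entry.path}")
        for reason in why:
            print(f"    - {reason}")
```

Run as a script it prints the seven flagged records from the sample (the two Webfetti BHO/toolbar entries, the ATT Connect autostart under AppData, the nosGetPlusHelper and WebfettiIEService services, and the two Trusted Zone sites) while leaving the Google toolbar notifier alone. Treat each hit as a lead: legitimate products also live under AppData and register svchost groups, so the next step is checking the file's signature and hash, not deleting it.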

ComboFix scripting

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where ComboFix is.

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Full System Scan with Malwarebytes Anti-Malware

  • If not already installed, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Anti-Malware.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Attachment: CFScript.txt


Oh here it is, I just used a different web browser and it worked. I have no idea why it won't work with Internet Explorer now.


ComboFix 13-11-23.02 - Sharon 11/26/2013  15:22:14.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.2752 [GMT -5:00]

Running from: c:\users\Sharon\Downloads\ComboFix.exe

Command switches used :: c:\users\Sharon\Downloads\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\progra~2\WEBFET~2\bar

c:\progra~2\WEBFET~2\bar\1.bin\LOGO.BMP

c:\progra~2\WEBFET~2\bar\1.bin\ybauxstb.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybbarsvc.exe

c:\progra~2\WEBFET~2\bar\1.bin\ybbrstub.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybdatact.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybdlghk.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybdyn.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybfeedmg.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybhighin.exe

c:\progra~2\WEBFET~2\bar\1.bin\ybhtml.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybhtmlmu.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybhttpct.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybidle.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybimpipe.exe

c:\progra~2\WEBFET~2\bar\1.bin\ybmedint.exe

c:\progra~2\WEBFET~2\bar\1.bin\ybmlbtn.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybmsg.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybradio.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybregiet.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybscript.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybskin.dll

c:\progra~2\WEBFET~2\bar\1.bin\ybskplay.exe

c:\progra~2\WEBFET~2\bar\Message\COMMON.T8S

c:\progra~2\WEBFET~2\bar\Settings\s_pid.dat

c:\windows\SysWow64\FlashPlayerApp.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_WebfettiIEService

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-26 to 2013-11-26  )))))))))))))))))))))))))))))))

.

.

2013-11-26 20:27 . 2013-11-26 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-26 00:47 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-26 00:40 . 2013-11-18 06:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{810BAA36-71E6-4C4B-8440-587316969E76}\mpengine.dll

2013-11-26 00:39 . 2013-11-26 00:40 -------- d-----w- c:\windows\SysWow64\Adobe

2013-11-26 00:38 . 2013-11-26 00:39 -------- d-----w- c:\program files (x86)\Common Files\Adobe

2013-11-26 00:26 . 2013-11-26 00:26 -------- d-----w- c:\programdata\Oracle

2013-11-26 00:25 . 2013-11-26 00:25 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-11-26 00:25 . 2013-10-08 12:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-11-26 00:23 . 2013-11-18 06:28 10285968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-21 23:35 . 2013-10-17 16:14 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D8E3ED9A-4AF7-464D-8C00-B99D7E89C77D}\gapaengine.dll

2013-11-21 23:32 . 2013-11-21 23:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-11-21 23:32 . 2013-11-21 23:32 -------- d-----w- c:\program files\Microsoft Security Client

2013-11-21 23:20 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3984139A-D3E8-41AB-9C23-5D2CEA45E9A2}\mpengine.dll

2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\users\Sharon\AppData\Roaming\Malwarebytes

2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\programdata\Malwarebytes

2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-11-20 01:32 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-11-20 01:32 . 2013-11-20 01:32 -------- d-----w- c:\users\Sharon\AppData\Local\Programs

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-26 00:33 . 2013-01-31 22:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-11-19 10:21 . 2012-04-17 22:43 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-11-14 08:01 . 2010-04-16 23:57 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-11-06 14:00 . 2010-06-07 01:24 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2013-10-17 16:18 . 2013-09-12 14:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll

2013-10-17 16:18 . 2013-09-12 14:13 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll

2013-10-17 16:18 . 2013-09-12 14:13 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll

2013-10-10 07:35 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-09-27 14:53 . 2013-09-27 14:53 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-09-14 01:31 . 2010-06-07 01:24 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll

2013-09-14 01:31 . 2010-06-07 01:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll

2013-09-12 14:12 . 2010-06-07 01:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-09-08 02:30 . 2013-10-09 13:56 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-09 13:56 327168 ----a-w- c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-09 13:56 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2013-09-04 12:12 . 2013-10-09 13:56 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 12:11 . 2013-10-09 13:56 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 12:11 . 2013-10-09 13:56 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 12:11 . 2013-10-09 13:56 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 12:11 . 2013-10-09 13:56 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 12:11 . 2013-10-09 13:56 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 12:11 . 2013-10-09 13:56 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-08-29 02:17 . 2013-10-09 13:56 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 02:16 . 2013-10-09 13:56 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 02:16 . 2013-10-09 13:56 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-29 02:16 . 2013-10-09 13:56 859648 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 02:13 . 2013-10-09 13:56 878080 ----a-w- c:\windows\system32\advapi32.dll

2013-08-29 01:51 . 2013-10-09 13:56 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51 . 2013-10-09 13:56 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50 . 2013-10-09 13:56 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-29 01:50 . 2013-10-09 13:56 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-29 01:50 . 2013-10-09 13:56 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2013-08-29 01:48 . 2013-10-09 13:56 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2013-08-29 01:48 . 2013-10-09 13:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-29 00:49 . 2013-10-09 13:56 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-29 00:49 . 2013-10-09 13:56 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-29 00:49 . 2013-10-09 13:56 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-29 00:49 . 2013-10-09 13:56 2048 ----a-w- c:\windows\SysWow64\user.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2013-07-23 06:46 1451680 ----a-w- c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{a504d73b-32d5-4b53-9dfc-0891be7653f0}]

c:\program files (x86)\WebfettiIE\bar\1.bin\ybSrcAs.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{d826715f-a629-4613-a641-5ca18e8b2f7a}]

c:\progra~2\WEBFET~2\bar\1.bin\ybbar.dll [bU]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}"= "c:\program files (x86)\WebfettiIE\bar\1.bin\ybbar.dll" [bU]

.

[HKEY_CLASSES_ROOT\clsid\{94fc3fb2-3e5c-4b8f-aaee-17090ce800bc}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-10 39408]

"Push Client"="c:\users\Sharon\AppData\Local\ATT Connect\Participant\pull.exe" [2010-06-03 965872]

"Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]

"CPMonitor"="c:\program files (x86)\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-04-24 142120]

"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2010-03-12 136600]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-15 560128]

"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-12-15 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [x]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 nosGetPlusHelper;getPlus® Installer;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

R3 RoxMediaDB12;RoxMediaDB12;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe;c:\program files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [x]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]

S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe;c:\windows\SYSNATIVE\lxdncoms.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]

start [bU]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-11-16 08:05 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-31 00:33]

.

2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 11:58]

.

2013-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 11:58]

.

2013-11-26 c:\windows\Tasks\HP Photo Creations Communicator.job

- c:\programdata\HP Photo Creations\Communicator.exe [2013-09-03 03:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]

"lxdnmon.exe"="c:\program files (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]

"EzPrint"="c:\program files (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm


mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: cinemanow.com

Trusted Zone: qflix.com

Trusted Zone: roxio.com

Trusted Zone: sonic.com\redirect

Trusted Zone: sonic.com\redirect2

TCP: DhcpNameServer = 192.168.1.1


.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3088017440-685475391-1946536634-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3088017440-685475391-1946536634-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_152_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_152.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\Dell DataSafe Local Backup\Toaster.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2013-11-26  15:32:59 - machine was rebooted

ComboFix-quarantined-files.txt  2013-11-26 20:32

ComboFix2.txt  2013-11-26 00:19

.

Pre-Run: 893,217,640,448 bytes free

Post-Run: 892,717,912,064 bytes free

.

- - End Of File - - CEAF7A959463300B23FCD00FE3A4D08A

CDB4DE4BBD714F152979DA2DCBEF57EB

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73auxstb.dll Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73bar.dll a variant of Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73bprtct.dll Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73brmon.exe Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73datact.dll a variant of Win32/Toolbar.MyWebSearch.A application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73impipe.exe Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73reghk.dll Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73skin.dll a variant of Win32/Toolbar.MyWebSearch.P application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73skplay.exe Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73SrchMn.exe Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\AppIntegratorStub64.dll Win64/Toolbar.MyWebSearch.A application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.W application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\Hpg64.dll Win64/Toolbar.MyWebSearch.A application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\NP73Stub.dll Win32/Toolbar.MyWebSearch.T application

C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application

C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybBAr.dll.vir a variant of Win32/Toolbar.MyWebSearch.W application

C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybdatact.dll.vir a variant of Win32/Toolbar.MyWebSearch.A application

C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybhtml.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.F application

C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybhtmlmu.dll.vir probably a variant of Win32/Toolbar.MyWebSearch.B application

C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application

 

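The ESET log above mixes two kinds of hits: files that are still live on disk (the Dell DataSafe and EasyHomeDecorating_73 folders) and files that ComboFix had already moved to C:\Qoobox\Quarantine and renamed with a .vir suffix, which ESET still scans. Telling those apart is the first thing a reviewer does before asking the user to delete anything. The script below is an added example, not code from the thread or from ESET; it parses ESET's "<path> <detection> <type>" line format (the format assumption is that the detection text starts at "a variant of", "probably a variant of", or a Win32/ or Win64/ prefix), separates live from quarantined hits, and groups the live ones by detection family and by program folder. The sample lines are constructed from paths in the log above.

```python
"""Triage an ESET Online Scanner text log (added example, not the helper's or ESET's code)."""
import re
from collections import Counter

# Each line is "<path> <detection> <type>". Paths contain spaces, so the regex
# locates the detection text by ESET's phrasing ("a variant of", "probably a
# variant of") or by the platform prefix ("Win32/", "Win64/"). Assumed format.
_LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably\s+)?(?:a\s+variant\s+of\s+)?Win(?:32|64)/\S+)\s+"
    r"(?P<kind>\S+)\s*$"
)

# ComboFix stores what it removed under C:\Qoobox\Quarantine with a .vir suffix
# (both visible in the log above); hits there are already-neutralised files.
_QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

# Constructed sample: six lines copied from the ESET log in this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73bar.dll a variant of Win32/Toolbar.MyWebSearch.W application
C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\73htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files (x86)\EasyHomeDecorating_73\bar\1.bin\AppIntegrator64.exe Win64/Toolbar.MyWebSearch.A application
C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybBAr.dll.vir a variant of Win32/Toolbar.MyWebSearch.W application
C:\Qoobox\Quarantine\C\PROGRA~2\WEBFET~2\bar\1.bin\ybskin.dll.vir a variant of Win32/Toolbar.MyWebSearch.P application
"""


def family_of(detection):
    """'a variant of Win32/Toolbar.MyWebSearch.W' -> 'Toolbar.MyWebSearch'."""
    name = detection.split("/", 1)[1]            # drop the Win32/ or Win64/ prefix
    return re.sub(r"\.[A-Z]{1,2}$", "", name)    # drop the one- or two-letter variant suffix


def program_dir(path):
    """Top-level program folder: drive + 'Program Files (x86)' + application folder."""
    return "\\".join(path.split("\\")[:3])


def parse_eset_log(text):
    """Return one dict per parsable line; blank or unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path")
        lower = path.lower()
        entries.append({
            "path": path,
            "detection": m.group("detection"),
            "kind": m.group("kind"),
            "family": family_of(m.group("detection")),
            "quarantined": lower.startswith(_QUARANTINE_PREFIX) or lower.endswith(".vir"),
        })
    return entries


def triage(entries):
    """Split entries into files still on disk and files ComboFix already quarantined."""
    return {
        "live": [e for e in entries if not e["quarantined"]],
        "quarantined": [e for e in entries if e["quarantined"]],
    }


def summarize(entries):
    """Count detection families and list the program folders they live in."""
    return {
        "families": dict(Counter(e["family"] for e in entries)),
        "folders": sorted({program_dir(e["path"]) for e in entries}),
    }


if __name__ == "__main__":
    groups = triage(parse_eset_log(SAMPLE_LOG))
    print(f"live: {len(groups['live'])}, already quarantined: {len(groups['quarantined'])}")
    report = summarize(groups["live"])
    for fam, n in report["families"].items():
        print(f"  {fam}: {n} live file(s)")
    for folder in report["folders"]:
        print(f"  folder to review: {folder}")
```

Grouping by program folder is what lets a reviewer give the folder-level instruction the next reply gives for EasyHomeDecorating_73, while the quarantined .vir hits need no further action because ComboFix has already removed those files from their original locations.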

 

C:\Program Files (x86)\EasyHomeDecorating_73

Please delete this folder.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also

SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


# AdwCleaner v3.013 - Report created 30/11/2013 at 10:50:24

# Updated 24/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Sharon - SHARON-PC

# Running from : C:\Users\Sharon\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Program Files (x86)\WebfettiEI

Folder Deleted : C:\Program Files (x86)\WebfettiIE

Folder Deleted : C:\Users\Sharon\AppData\LocalLow\iac

Folder Deleted : C:\Users\Sharon\AppData\LocalLow\MyScrapNook_12

Folder Deleted : C:\Users\Sharon\AppData\LocalLow\WebfettiEI

Folder Deleted : C:\Users\Sharon\AppData\LocalLow\WebfettiIE

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.DataControl

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.DataControl.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.DynamicBarButton

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.DynamicBarButton.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.FeedManager

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.FeedManager.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.HTMLMenu

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.HTMLMenu.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.HTMLPanel

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.HTMLPanel.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.MultipleButton

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.MultipleButton.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.PseudoTransparentPlugin

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.PseudoTransparentPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.Radio

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.Radio.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.RadioSettings

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.RadioSettings.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.ScriptButton

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.ScriptButton.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.SettingsPlugin

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.SettingsPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.XMLSessionPlugin

Key Deleted : HKLM\SOFTWARE\Classes\WebfettiIE.XMLSessionPlugin.1

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0287E095-41BE-40E8-AB21-D714B4D287A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5498BF58-237D-483E-A24A-C0F125917FF9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57C0BF76-D7A0-41AC-B37A-0E258E292190}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{59020937-7059-4394-84FF-743940DD44D1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7243AC43-7A19-4910-A121-C48C0868248F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A504D73B-32D5-4B53-9DFC-0891BE7653F0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A968F32E-6CF6-49DE-B2D0-CEB096F521A2}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADCF5B48-16C5-4FB7-BB8A-79C1C2E1F27F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AEFBC0B2-53C9-443A-A052-41AE266D357C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C15A5B21-2CD0-4C26-A431-B9DD3C6B1932}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D213A6AE-C9E4-4C75-B906-09C6C23005E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D664042C-CA70-48B6-AFC9-24A4212D5E43}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E231159C-31AC-4D3E-B2F1-96765FFE296B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E667CD3F-060D-44D9-BA38-4B7DE911C9F0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F0E286A1-B2C8-4BC8-AB9C-858F8E1407DA}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3141F21-B6C9-4DD9-B115-0A81BFC6C00A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F40CF81A-B1EC-4085-8127-F3DE696C4E8B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F63CC830-0F14-424B-A904-5D22AC8EE2B5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFE3D896-C80A-4588-85E6-C6BF5BF9FCC6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9C76BEB-7AD7-4396-94AA-98E8C91F0B89}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07E57B81-63F0-4030-A14F-01BC6C5F0785}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07E60A23-5C7A-4CE1-B83E-707AC9ACC557}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0A4B55D4-D661-4501-934E-7C8822CF6A9D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C81E684-ED5C-431D-99B8-5DC3222FA5A7}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6AE82424-0309-4ACD-B6D3-D7AC95D9AC1D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8CD1748C-14E7-4E0B-BF01-D8BC22DF0C9E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ABC669BD-AEED-4917-84ED-23C2B2E67F12}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9A37E2F-9D5E-409C-97E2-96AF482D2510}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D6DAE6F2-D434-4447-9C7B-FD95330E8D2B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F3883DC7-C3B7-4F49-ABD1-DCC0AC7AC4DC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A504D73B-32D5-4B53-9DFC-0891BE7653F0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A504D73B-32D5-4B53-9DFC-0891BE7653F0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E231159C-31AC-4D3E-B2F1-96765FFE296B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F63CC830-0F14-424B-A904-5D22AC8EE2B5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A504D73B-32D5-4B53-9DFC-0891BE7653F0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0287E095-41BE-40E8-AB21-D714B4D287A9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{57C0BF76-D7A0-41AC-B37A-0E258E292190}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A968F32E-6CF6-49DE-B2D0-CEB096F521A2}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E231159C-31AC-4D3E-B2F1-96765FFE296B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E667CD3F-060D-44D9-BA38-4B7DE911C9F0}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F63CC830-0F14-424B-A904-5D22AC8EE2B5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BDA0B90-A0AA-4582-97D3-EC8E61BFDE82}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95E62A5A-9018-41B3-84AA-E11DFFD46096}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFE3D896-C80A-4588-85E6-C6BF5BF9FCC6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C15A5B21-2CD0-4C26-A431-B9DD3C6B1932}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E9C76BEB-7AD7-4396-94AA-98E8C91F0B89}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{94FC3FB2-3E5C-4B8F-AAEE-17090CE800BC}]

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BFE3D896-C80A-4588-85E6-C6BF5BF9FCC6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E9C76BEB-7AD7-4396-94AA-98E8C91F0B89}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\WebfettiIE

Key Deleted : HKLM\Software\WebfettiIE

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebfettiIEbar Uninstall

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : search_url

Deleted : suggest_url

 

*************************

 

AdwCleaner[R0].txt - [8220 octets] - [30/11/2013 10:48:52]

AdwCleaner[s0].txt - [8276 octets] - [30/11/2013 10:50:24]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8336 octets] ##########

 

 


 Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 45  

 Adobe Reader XI  

 Mozilla Firefox (Toolbar.) 

 Google Chrome 30.0.1599.101  

 Google Chrome 31.0.1650.57  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 0% 

````````````````````End of Log`````````````````````` 

 


Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. If we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. If we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left, please delete it manually.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure you have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.
  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:
  • Backup
    Hardware issues, malware, fire, lightning strike: there is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80", which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.


