Please help clean my PC of viruses

Solved
By cjbrown
Oct 29, 2012
  1. Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org
    Database version: v2012.10.29.11
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Clint :: HOME [administrator]
    10/29/2012 1:05:00 PM
    mbam-log-2012-10-29 (13-05-00).txt
    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 433530
    Time elapsed: 1 hour(s), 37 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 2
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe.vir (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
    (end)
  2. cjbrown


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-29 16:28:20
    Windows 6.0.6002 Service Pack 2
    Running: m7uckdhi.exe


    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e4ccdee67
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e4ccdee67 (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
  3. cjbrown


    DDS (Ver_2012-10-19.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Clint at 16:30:22 on 2012-10-29
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4062 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Dell\DellDock\DockLogin.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\PSIService.exe
    c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Program Files\Zune\ZuneLauncher.exe
    C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uProxyOverride = 127.0.0.1:9421;<local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [Akamai NetSession Interface] "C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe"
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\Users\Clint\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: mswsock.dll
    Trusted Zone: $talisma_url$
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{3FF713D2-3CCC-47B4-837E-0A9B99FEC298} : DHCPNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
    x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
    x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
    x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
    x64-Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-mPolicies-System: EnableLUA = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-4-14 752672]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-7-31 55024]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2010-4-14 335784]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-7-31 88576]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-1-7 204288]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
    R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-8-5 103472]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2012-5-29 517632]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-14 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-14 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-4-14 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-4-14 237920]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-4-14 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-4-14 177144]
    R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-7-26 92632]
    R2 wsnm;VMware View Client Service;C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe [2010-2-10 151552]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2012-1-7 10567680]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2012-1-7 325632]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-1-7 90128]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2010-4-14 69672]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-7-31 316544]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2010-4-14 300392]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2010-4-14 513456]
    R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584]
    R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2009-3-5 135168]
    S2 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
    S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250808]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-5-3 136176]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-26 196440]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
    S3 LVUVC64;Logitech QuickCam S5500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2010-4-14 106112]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-11 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2012-10-27 03:50:30 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2012-10-27 03:50:30 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-10-27 03:50:30 157680 ----a-w- C:\Windows\SysWow64\javaws.exe
    2012-10-27 03:50:30 149488 ----a-w- C:\Windows\SysWow64\javaw.exe
    2012-10-27 03:50:30 149488 ----a-w- C:\Windows\SysWow64\java.exe
    2012-10-09 04:12:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-09 04:12:16 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-20 13:02:52 384512 ----a-w- C:\Windows\System32\services.exe
    2012-08-16 08:01:02 62134624 ----a-w- C:\Windows\System32\mrt.exe
    .
    ============= FINISH: 16:30:48.13 ===============
  4. cjbrown


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 7/31/2009 3:12:53 AM
    System Uptime: 10/28/2012 4:39:21 PM (24 hours ago)
    .
    Motherboard: Dell Inc. | | 0R849J
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 581 GiB total, 401.848 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 7.683 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    L: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1175: 9/21/2012 12:00:01 AM - Scheduled Checkpoint
    RP1176: 9/22/2012 12:00:01 AM - Scheduled Checkpoint
    RP1177: 9/23/2012 12:00:01 AM - Scheduled Checkpoint
    RP1178: 9/24/2012 - Scheduled Checkpoint
    RP1179: 9/25/2012 - Scheduled Checkpoint
    RP1180: 9/26/2012 - Scheduled Checkpoint
    RP1181: 9/28/2012 1:36:51 AM - Scheduled Checkpoint
    RP1182: 9/30/2012 3:03:19 PM - Scheduled Checkpoint
    RP1183: 10/2/2012 12:00:07 AM - Scheduled Checkpoint
    RP1184: 10/3/2012 12:00:02 AM - Scheduled Checkpoint
    RP1185: 10/4/2012 12:00:01 AM - Scheduled Checkpoint
    RP1186: 10/5/2012 12:00:01 AM - Scheduled Checkpoint
    RP1187: 10/6/2012 12:41:55 AM - Scheduled Checkpoint
    RP1188: 10/7/2012 12:46:31 AM - Scheduled Checkpoint
    RP1189: 10/8/2012 - Scheduled Checkpoint
    RP1190: 10/9/2012 - Scheduled Checkpoint
    RP1191: 10/10/2012 - Scheduled Checkpoint
    RP1192: 10/12/2012 11:07:29 PM - Scheduled Checkpoint
    RP1193: 10/14/2012 1:21:47 AM - Scheduled Checkpoint
    RP1194: 10/14/2012 4:10:10 PM - Scheduled Checkpoint
    RP1195: 10/16/2012 - Scheduled Checkpoint
    RP1196: 10/17/2012 - Scheduled Checkpoint
    RP1197: 10/18/2012 - Scheduled Checkpoint
    RP1198: 10/19/2012 - Scheduled Checkpoint
    RP1199: 10/20/2012 12:00:01 AM - Scheduled Checkpoint
    RP1200: 10/21/2012 - Scheduled Checkpoint
    RP1201: 10/22/2012 12:00:01 AM - Scheduled Checkpoint
    RP1202: 10/23/2012 - Scheduled Checkpoint
    RP1203: 10/24/2012 12:00:01 AM - Scheduled Checkpoint
    RP1204: 10/25/2012 - Scheduled Checkpoint
    RP1205: 10/26/2012 12:00:01 AM - Scheduled Checkpoint
    RP1206: 10/26/2012 10:49:21 PM - Installed Java(TM) 6 Update 37
    RP1207: 10/26/2012 10:50:47 PM - Installed Java Runtime Environment
    RP1208: 10/28/2012 4:24:53 PM - Scheduled Checkpoint
    RP1209: 10/29/2012 3:26:58 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    64 bit Windows Card Reader Driver
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop 7.0.1
    Adobe Reader 9.5.2
    Age of Adventure - Playing the Hero
    AIO_Scan
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Amazon MP3 Downloader 1.0.15
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    Any Video Converter 2.7.9
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    Ask Toolbar
    Ask Toolbar Updater
    ATI AVIVO64 Codecs
    ATI Catalyst Control Center
    Banctec Service Agreement
    Big Fish Games: Game Manager
    Bing Bar
    BufferChm
    C6200
    C6200_doccd
    C6200_Help
    Canon RAW Codec
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help English
    CCC Help French
    CCC Help German
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Portuguese
    CCC Help Spanish
    CCC Help Turkish
    CCleaner
    CCScore
    Choice Guard
    Contents
    Copy
    Corel Digital Studio 2010
    Corel Paint Shop Pro Photo X2
    Corel WinDVD 2010
    Dell DataSafe Online
    Dell Dock
    Dell Edoc Viewer
    Dell Getting Started Guide
    Dell Support Center
    Dell Video Chat
    Destination Component
    DeviceDiscovery
    DeviceIO
    DeviceManagementQFolder
    Diablo III
    DocProc
    DocProcQFolder
    DVDF10
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    eSupportQFolder
    Fallout: New Vegas
    Fax
    Feeding Frenzy 2 (remove only)
    Gadget
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    Half-Life
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 3.5
    HP Product Assistant
    HP Solution Center 9.0
    HP Update
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    Hulu Desktop
    ICA
    Intel(R) Network Connections 13.1.33.0
    IPM_SU
    Java Auto Updater
    Java(TM) 6 Update 13 (64-bit)
    Java(TM) 6 Update 37
    Juniper Networks Host Checker
    Juniper Networks Network Connect 7.1.0
    Juniper Networks, Inc. Setup Client
    Juniper Networks, Inc. Setup Client Activex Control
    Juniper Terminal Services Client
    Junk Mail filter update
    Kodak EasyShare software
    Logitech Harmony Remote Software
    Logitech Vid
    Logitech Webcam Software
    Logitech Webcam Software Driver Package
    Malwarebytes Anti-Malware version 1.65.1.1000
    Masque IGT Slots Little Green Men
    McAfee Security Scan Plus
    McAfee Total Protection
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Default Manager
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Publisher 2000
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    Microsoft XNA Framework Redistributable 3.1
    MLE
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nations Photo Lab ROES
    netbrdg
    OfotoXMI
    Pando Media Booster
    PanoStandAlone
    PowerDVD DX
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSPH10
    PSSWCORE
    PureHD
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Encoder (KB979332)
    Setup
    SFR
    Shaiya(US)
    Share
    Share64
    Shared C Run-time for x64
    SHASTA
    Sib Icon Editor
    Sierra Utilities
    skin0001
    Skins
    SKINXSDK
    Skype web features
    Skype™ 4.1
    SolutionCenter
    staticcr
    Status
    Steam
    TomTom HOME
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    Total Immersion D'Fusion @Home Web Plug-In
    TotalAudioConverter
    TrayApp
    Trojan Remover 6.8.4
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VDS10
    VideoToolkit01
    VIO
    VLC media player 1.0.1
    VMware View Client
    VPRINTOL
    Warcraft III
    WebReg
    WIDCOMM Bluetooth Software 6.0.1.4300
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Encoder 9 Series
    Windows Mobile Device Updater Component
    WinRAR archiver
    WIRELESS
    Yahoo! Install Manager
    Yahoo! Widgets
    Zune
    Zune Language Pack (CHS)
    Zune Language Pack (CHT)
    Zune Language Pack (CSY)
    Zune Language Pack (DAN)
    Zune Language Pack (DEU)
    Zune Language Pack (ELL)
    Zune Language Pack (ESP)
    Zune Language Pack (FIN)
    Zune Language Pack (FRA)
    Zune Language Pack (HUN)
    Zune Language Pack (IND)
    Zune Language Pack (ITA)
    Zune Language Pack (JPN)
    Zune Language Pack (KOR)
    Zune Language Pack (MSL)
    Zune Language Pack (NLD)
    Zune Language Pack (NOR)
    Zune Language Pack (PLK)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)
    Zune Language Pack (RUS)
    Zune Language Pack (SVE)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/28/2012 4:40:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep SRTSP SRTSPX
    10/28/2012 4:40:39 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    10/28/2012 4:40:39 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    10/28/2012 4:40:39 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    10/28/2012 4:40:39 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
    10/28/2012 4:40:36 PM, Error: Microsoft-Windows-WMPNSS-Service [14325] - Service 'WMPNetworkSvc' did not start correctly because QueryService encountered error '0x80070424'. In Windows Media Player, turn off media sharing, and then turn it back on.
    10/28/2012 4:39:51 PM, Error: EventLog [6008] - The previous system shutdown at 4:37:13 PM on 10/28/2012 was unexpected.
    .
    ==== End Of File ===========================
  5. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    06:52:00.0299 6024 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

    06:52:00.0595 6024 ============================================================

    06:52:00.0595 6024 Current date / time: 2012/10/30 06:52:00.0595

    06:52:00.0595 6024 SystemInfo:

    06:52:00.0595 6024

    06:52:00.0595 6024 OS Version: 6.0.6002 ServicePack: 2.0

    06:52:00.0595 6024 Product type: Workstation

    06:52:00.0595 6024 ComputerName: HOME

    06:52:00.0595 6024 UserName: Clint

    06:52:00.0595 6024 Windows directory: C:\Windows

    06:52:00.0595 6024 System windows directory: C:\Windows

    06:52:00.0595 6024 Running under WOW64

    06:52:00.0595 6024 Processor architecture: Intel x64

    06:52:00.0595 6024 Number of processors: 8

    06:52:00.0595 6024 Page size: 0x1000

    06:52:00.0595 6024 Boot type: Normal boot

    06:52:00.0595 6024 ============================================================

    06:52:01.0781 6024 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    06:52:01.0843 6024 ============================================================

    06:52:01.0843 6024 \Device\Harddisk0\DR0:

    06:52:01.0843 6024 MBR partitions:

    06:52:01.0843 6024 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x23800, BlocksNum 0x1E00000

    06:52:01.0843 6024 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E23800, BlocksNum 0x48A34000

    06:52:01.0843 6024 ============================================================

    06:52:01.0859 6024 C: <-> \Device\Harddisk0\DR0\Partition2

    06:52:01.0890 6024 D: <-> \Device\Harddisk0\DR0\Partition1

    06:52:01.0890 6024 ============================================================

    06:52:01.0890 6024 Initialize success

    06:52:01.0890 6024 ============================================================

    06:52:06.0227 5860 ============================================================

    06:52:06.0227 5860 Scan started

    06:52:06.0227 5860 Mode: Manual;

    06:52:06.0227 5860 ============================================================

    06:52:07.0210 5860 ================ Scan system memory ========================

    06:52:07.0210 5860 System memory - ok

    06:52:07.0210 5860 ================ Scan services =============================

    06:52:07.0303 5860 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

    06:52:07.0397 5860 ACDaemon - ok

    06:52:07.0678 5860 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys

    06:52:07.0678 5860 ACPI - ok

    06:52:07.0818 5860 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    06:52:07.0818 5860 AdobeFlashPlayerUpdateSvc - ok

    06:52:07.0896 5860 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

    06:52:07.0896 5860 adp94xx - ok

    06:52:07.0943 5860 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys

    06:52:07.0943 5860 adpahci - ok

    06:52:07.0958 5860 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys

    06:52:07.0958 5860 adpu160m - ok

    06:52:07.0974 5860 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

    06:52:07.0974 5860 adpu320 - ok

    06:52:08.0005 5860 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

    06:52:08.0005 5860 AeLookupSvc - ok

    06:52:08.0068 5860 [ 7394641611EF3AB2D041F104F1E8C1B9 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

    06:52:08.0130 5860 AERTFilters - ok

    06:52:08.0208 5860 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys

    06:52:08.0208 5860 AFD - ok

    06:52:08.0224 5860 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys

    06:52:08.0224 5860 agp440 - ok

    06:52:08.0255 5860 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys

    06:52:08.0255 5860 aic78xx - ok

    06:52:08.0270 5860 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe

    06:52:08.0286 5860 ALG - ok

    06:52:08.0286 5860 [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide C:\Windows\system32\drivers\aliide.sys

    06:52:08.0317 5860 aliide - ok

    06:52:08.0364 5860 [ 5EC60409BD50953BD4F892B18840039E ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

    06:52:08.0395 5860 AMD External Events Utility - ok

    06:52:08.0395 5860 [ 970FA5059E61E30D25307B99903E991E ] amdide C:\Windows\system32\drivers\amdide.sys

    06:52:08.0395 5860 amdide - ok

    06:52:08.0411 5860 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

    06:52:08.0411 5860 AmdK8 - ok

    06:52:09.0082 5860 [ 322E5C178990F116F00E3D923F4E6B1C ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

    06:52:09.0113 5860 amdkmdag - ok

    06:52:09.0160 5860 [ 961A81A84FDD700E361E8294528A37BA ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

    06:52:09.0206 5860 amdkmdap - ok

    06:52:09.0238 5860 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll

    06:52:09.0238 5860 Appinfo - ok

    06:52:09.0284 5860 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys

    06:52:09.0284 5860 arc - ok

    06:52:09.0316 5860 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys

    06:52:09.0316 5860 arcsas - ok

    06:52:09.0331 5860 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

    06:52:09.0347 5860 AsyncMac - ok

    06:52:09.0378 5860 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys

    06:52:09.0378 5860 atapi - ok

    06:52:09.0456 5860 [ 1A872AB76D00F52643BB0F81792BBF3B ] AtiHDAudioService C:\Windows\system32\drivers\AtihdLH6.sys

    06:52:09.0487 5860 AtiHDAudioService - ok

    06:52:09.0674 5860 [ 322E5C178990F116F00E3D923F4E6B1C ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

    06:52:09.0721 5860 atikmdag - ok

    06:52:09.0768 5860 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

    06:52:09.0768 5860 AudioEndpointBuilder - ok

    06:52:09.0784 5860 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll

    06:52:09.0784 5860 AudioSrv - ok

    06:52:09.0846 5860 [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

    06:52:09.0893 5860 BBSvc - ok

    06:52:09.0940 5860 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

    06:52:09.0986 5860 BBUpdate - ok

    06:52:10.0002 5860 Beep - ok

    06:52:10.0018 5860 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

    06:52:10.0018 5860 blbdrive - ok

    06:52:10.0080 5860 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    06:52:10.0111 5860 bowser - ok

    06:52:10.0127 5860 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys

    06:52:10.0127 5860 BrFiltLo - ok

    06:52:10.0127 5860 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys

    06:52:10.0142 5860 BrFiltUp - ok

    06:52:10.0174 5860 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll

    06:52:10.0174 5860 Browser - ok

    06:52:10.0205 5860 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys

    06:52:10.0205 5860 Brserid - ok

    06:52:10.0236 5860 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys

    06:52:10.0236 5860 BrSerWdm - ok

    06:52:10.0236 5860 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys

    06:52:10.0236 5860 BrUsbMdm - ok

    06:52:10.0252 5860 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys

    06:52:10.0252 5860 BrUsbSer - ok

    06:52:10.0283 5860 [ 09F926A0D9C0BAFD8417A4307D2ED13C ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys

    06:52:10.0283 5860 BthEnum - ok

    06:52:10.0283 5860 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

    06:52:10.0298 5860 BTHMODEM - ok

    06:52:10.0314 5860 [ BEFC5311736B475AC5B60C14FF7C775A ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

    06:52:10.0314 5860 BthPan - ok

    06:52:10.0376 5860 [ E1466882252FF51EDDE48C3F7EDA2591 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys

    06:52:10.0408 5860 BTHPORT - ok

    06:52:10.0423 5860 [ 22E65FFD640F16968F855F5B3528D366 ] BthServ C:\Windows\System32\bthserv.dll

    06:52:10.0439 5860 BthServ - ok

    06:52:10.0439 5860 [ 970192CDED77A128E7E30722E5EE6B9C ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys

    06:52:10.0486 5860 BTHUSB - ok

    06:52:10.0517 5860 [ A44AD9AB3BF98A65EB58662E3C78EAE0 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys

    06:52:10.0564 5860 btwaudio - ok

    06:52:10.0595 5860 [ A441D453821A6336F516F97F79BBFA17 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys

    06:52:10.0626 5860 btwavdt - ok

    06:52:10.0657 5860 [ B550C75397D96251A92391555FE5534C ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys

    06:52:10.0704 5860 btwrchid - ok

    06:52:10.0720 5860 catchme - ok

    06:52:10.0735 5860 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    06:52:10.0735 5860 cdfs - ok

    06:52:10.0766 5860 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

    06:52:10.0766 5860 cdrom - ok

    06:52:10.0813 5860 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll

    06:52:10.0813 5860 CertPropSvc - ok

    06:52:10.0844 5860 [ 45B5A89DC41577282E5BF41B1165EA71 ] cfwids C:\Windows\system32\drivers\cfwids.sys

    06:52:10.0891 5860 cfwids - ok

    06:52:10.0938 5860 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\drivers\circlass.sys

    06:52:10.0954 5860 circlass - ok

    06:52:11.0032 5860 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys

    06:52:11.0047 5860 CLFS - ok

    06:52:11.0266 5860 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    06:52:11.0266 5860 clr_optimization_v2.0.50727_32 - ok

    06:52:11.0375 5860 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    06:52:11.0390 5860 clr_optimization_v2.0.50727_64 - ok

    06:52:11.0515 5860 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    06:52:11.0562 5860 clr_optimization_v4.0.30319_32 - ok

    06:52:11.0609 5860 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    06:52:11.0656 5860 clr_optimization_v4.0.30319_64 - ok

    06:52:11.0671 5860 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys

    06:52:11.0671 5860 cmdide - ok

    06:52:11.0671 5860 [ 34A6AA82AA36C87FC8816F2097EFA345 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

    06:52:11.0718 5860 Compbatt - ok

    06:52:11.0734 5860 COMSysApp - ok

    06:52:11.0765 5860 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

    06:52:11.0765 5860 crcdisk - ok

    06:52:11.0812 5860 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll

    06:52:11.0812 5860 CryptSvc - ok

    06:52:11.0921 5860 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll

    06:52:11.0921 5860 DcomLaunch - ok

    06:52:11.0968 5860 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    06:52:12.0014 5860 DfsC - ok

    06:52:12.0092 5860 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe

    06:52:12.0124 5860 DFSR - ok

    06:52:12.0155 5860 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll

    06:52:12.0170 5860 Dhcp - ok

    06:52:12.0186 5860 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys

    06:52:12.0186 5860 disk - ok

    06:52:12.0264 5860 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    06:52:12.0264 5860 Dnscache - ok

    06:52:12.0326 5860 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe

    06:52:12.0389 5860 DockLoginService - ok

    06:52:12.0420 5860 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll

    06:52:12.0420 5860 dot3svc - ok

    06:52:12.0451 5860 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

    06:52:12.0451 5860 Dot4 - ok

    06:52:12.0467 5860 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

    06:52:12.0482 5860 Dot4Print - ok

    06:52:12.0498 5860 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

    06:52:12.0498 5860 dot4usb - ok

    06:52:12.0529 5860 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll

    06:52:12.0529 5860 DPS - ok

    06:52:12.0560 5860 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    06:52:12.0560 5860 drmkaud - ok

    06:52:12.0623 5860 [ 3EEF0B3489EDBF725564E17C77CABAFD ] dsNcAdpt C:\Windows\system32\DRIVERS\dsNcAdpt.sys

    06:52:12.0670 5860 dsNcAdpt - ok

    06:52:12.0732 5860 [ DBB553EFC611BFC7FC2E658FFDD3AF33 ] dsNcService C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

    06:52:12.0826 5860 dsNcService - ok

    06:52:12.0966 5860 dump_wmimmc - ok

    06:52:13.0075 5860 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    06:52:13.0153 5860 DXGKrnl - ok

    06:52:13.0200 5860 [ 17D40652EF3E55EEAE187A89DF40965A ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys

    06:52:13.0200 5860 e1express - ok

    06:52:13.0216 5860 [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys

    06:52:13.0216 5860 E1G60 - ok

    06:52:13.0262 5860 [ B37F6853D6E0C6F5F8EFDE33E831B5F8 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys

    06:52:13.0309 5860 e1yexpress - ok

    06:52:13.0309 5860 EagleX64 - ok

    06:52:13.0356 5860 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll

    06:52:13.0356 5860 EapHost - ok

    06:52:13.0403 5860 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys

    06:52:13.0403 5860 Ecache - ok

    06:52:13.0450 5860 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    06:52:13.0450 5860 ehRecvr - ok

    06:52:13.0481 5860 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe

    06:52:13.0496 5860 ehSched - ok

    06:52:13.0543 5860 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll

    06:52:13.0559 5860 ehstart - ok

    06:52:13.0590 5860 [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor C:\Windows\system32\drivers\elxstor.sys

    06:52:13.0606 5860 elxstor - ok

    06:52:13.0668 5860 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll

    06:52:13.0668 5860 EMDMgmt - ok

    06:52:13.0684 5860 [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev C:\Windows\system32\drivers\errdev.sys

    06:52:13.0715 5860 ErrDev - ok

    06:52:13.0762 5860 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll

    06:52:13.0762 5860 EventSystem - ok

    06:52:13.0777 5860 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys

    06:52:13.0793 5860 exfat - ok

    06:52:13.0808 5860 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys

    06:52:13.0808 5860 fastfat - ok

    06:52:13.0824 5860 [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    06:52:13.0824 5860 fdc - ok

    06:52:13.0840 5860 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll

    06:52:13.0840 5860 fdPHost - ok

    06:52:13.0855 5860 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll

    06:52:13.0855 5860 FDResPub - ok

    06:52:13.0871 5860 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    06:52:13.0871 5860 FileInfo - ok

    06:52:13.0871 5860 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    06:52:13.0886 5860 Filetrace - ok

    06:52:13.0886 5860 [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    06:52:13.0886 5860 flpydisk - ok

    06:52:13.0918 5860 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    06:52:13.0918 5860 FltMgr - ok

    06:52:14.0276 5860 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll

    06:52:14.0323 5860 FontCache - ok

    06:52:14.0354 5860 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    06:52:14.0370 5860 FontCache3.0.0.0 - ok

    06:52:14.0386 5860 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    06:52:14.0432 5860 Fs_Rec - ok

    06:52:14.0448 5860 [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

    06:52:14.0448 5860 gagp30kx - ok

    06:52:14.0526 5860 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

    06:52:14.0542 5860 GoToAssist - ok

    06:52:14.0588 5860 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll

    06:52:14.0604 5860 gpsvc - ok

    06:52:14.0760 5860 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    06:52:14.0760 5860 gupdate - ok

    06:52:14.0776 5860 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    06:52:14.0776 5860 gupdatem - ok

    06:52:14.0854 5860 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    06:52:14.0900 5860 gusvc - ok

    06:52:14.0947 5860 [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    06:52:14.0947 5860 HdAudAddService - ok

    06:52:14.0994 5860 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

    06:52:14.0994 5860 HDAudBus - ok

    06:52:15.0010 5860 [ B4881C84A180E75B8C25DC1D726C375F ] HidBth C:\Windows\system32\drivers\hidbth.sys

    06:52:15.0025 5860 HidBth - ok

    06:52:15.0025 5860 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys

    06:52:15.0025 5860 HidIr - ok

    06:52:15.0056 5860 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\System32\hidserv.dll

    06:52:15.0056 5860 hidserv - ok

    06:52:15.0088 5860 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    06:52:15.0088 5860 HidUsb - ok

    06:52:15.0103 5860 [ A894FB2CAE6A29F5D9C8EDA47B074623 ] HipShieldK C:\Windows\system32\drivers\HipShieldK.sys

    06:52:15.0150 5860 HipShieldK - ok

    06:52:15.0181 5860 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll

    06:52:15.0181 5860 hkmsvc - ok

    06:52:15.0212 5860 [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys

    06:52:15.0212 5860 HpCISSs - ok

    06:52:15.0290 5860 [ 58D4765AB87347DB835D5693ADF652C1 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

    06:52:15.0290 5860 hpqcxs08 - ok

    06:52:15.0322 5860 [ 99ED733F614660EB32199BF889DFB7E2 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

    06:52:15.0322 5860 hpqddsvc - ok

    06:52:15.0368 5860 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    06:52:15.0368 5860 HTTP - ok

    06:52:15.0384 5860 [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp C:\Windows\system32\drivers\i2omp.sys

    06:52:15.0400 5860 i2omp - ok

    06:52:15.0446 5860 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

    06:52:15.0462 5860 i8042prt - ok

    06:52:15.0493 5860 [ FC28E90F2204D8FD147FA9BFA8A51C01 ] iaStor C:\Windows\system32\drivers\iastor.sys

    06:52:15.0556 5860 iaStor - ok

    06:52:15.0571 5860 [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV C:\Windows\system32\drivers\iastorv.sys

    06:52:15.0571 5860 iaStorV - ok

    06:52:15.0618 5860 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    06:52:15.0634 5860 idsvc - ok

    06:52:15.0634 5860 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys

    06:52:15.0634 5860 iirsp - ok

    06:52:15.0680 5860 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll

    06:52:15.0680 5860 IKEEXT - ok

    06:52:15.0743 5860 [ E28EDF74900E68184F44CFCDD66F1BC3 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

    06:52:15.0790 5860 IntcAzAudAddService - ok

    06:52:15.0805 5860 [ DF797A12176F11B2D301C5B234BB200E ] intelide C:\Windows\system32\DRIVERS\intelide.sys

    06:52:15.0805 5860 intelide - ok

    06:52:15.0821 5860 [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    06:52:15.0821 5860 intelppm - ok

    06:52:15.0852 5860 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    06:52:15.0852 5860 IPBusEnum - ok

    06:52:15.0899 5860 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    06:52:15.0899 5860 IpFilterDriver - ok

    06:52:15.0899 5860 IpInIp - ok

    06:52:15.0914 5860 [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys

    06:52:15.0930 5860 IPMIDRV - ok

    06:52:15.0930 5860 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

    06:52:15.0946 5860 IPNAT - ok

    06:52:15.0946 5860 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys

  7. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    06:52:27.0802 5860 Wanarp - ok
    06:52:27.0817 5860 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    06:52:27.0817 5860 Wanarpv6 - ok
    06:52:27.0864 5860 [ 382A7B0B632EC98DE5F0658DA9DE6159 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
    06:52:27.0864 5860 WcesComm - ok
    06:52:27.0911 5860 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    06:52:27.0926 5860 wcncsvc - ok
    06:52:27.0958 5860 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    06:52:27.0958 5860 WcsPlugInService - ok
    06:52:27.0989 5860 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
    06:52:27.0989 5860 Wd - ok
    06:52:28.0129 5860 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    06:52:28.0145 5860 Wdf01000 - ok
    06:52:28.0160 5860 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
    06:52:28.0160 5860 WdiServiceHost - ok
    06:52:28.0192 5860 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
    06:52:28.0192 5860 WdiSystemHost - ok
    06:52:28.0223 5860 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
    06:52:28.0223 5860 WebClient - ok
    06:52:28.0285 5860 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
    06:52:28.0332 5860 Wecsvc - ok
    06:52:28.0348 5860 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    06:52:28.0348 5860 wercplsupport - ok
    06:52:28.0363 5860 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
    06:52:28.0363 5860 WerSvc - ok
    06:52:28.0363 5860 WinHttpAutoProxySvc - ok
    06:52:28.0410 5860 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    06:52:28.0426 5860 Winmgmt - ok
    06:52:28.0504 5860 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
    06:52:28.0566 5860 WinRM - ok
    06:52:28.0628 5860 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
    06:52:28.0628 5860 WinUSB - ok
    06:52:28.0675 5860 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
    06:52:28.0675 5860 Wlansvc - ok
    06:52:28.0706 5860 [ 7999DFB1C555EFC0DB69576F70027867 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    06:52:28.0769 5860 WmiAcpi - ok
    06:52:28.0784 5860 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    06:52:28.0784 5860 wmiApSrv - ok
    06:52:28.0816 5860 WMPNetworkSvc - ok
    06:52:28.0894 5860 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
    06:52:28.0972 5860 WMZuneComm - ok
    06:52:28.0987 5860 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    06:52:29.0003 5860 WPCSvc - ok
    06:52:29.0018 5860 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    06:52:29.0034 5860 WPDBusEnum - ok
    06:52:29.0050 5860 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
    06:52:29.0050 5860 WpdUsb - ok
    06:52:29.0190 5860 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    06:52:29.0237 5860 WPFFontCache_v0400 - ok
    06:52:29.0237 5860 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    06:52:29.0237 5860 ws2ifsl - ok
    06:52:29.0252 5860 WSearch - ok
    06:52:29.0346 5860 [ 4CC0B7D16A516238A789C641061E9FC8 ] wsnm C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe
    06:52:29.0393 5860 wsnm - ok
    06:52:29.0424 5860 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    06:52:29.0424 5860 WudfPf - ok
    06:52:29.0471 5860 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    06:52:29.0471 5860 WUDFRd - ok
    06:52:29.0502 5860 [ 3DCC7BF5AFA921B479E622BD999121F3 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    06:52:29.0533 5860 wudfsvc - ok
    06:52:29.0689 5860 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
    06:52:29.0767 5860 ZuneNetworkSvc - ok
    06:52:29.0798 5860 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
    06:52:29.0830 5860 ZuneWlanCfgSvc - ok
    06:52:29.0861 5860 ================ Scan global ===============================
    06:52:29.0876 5860 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
    06:52:29.0923 5860 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    06:52:29.0939 5860 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
    06:52:29.0970 5860 [ E2D076F2C1239AA6C7412BA6B8B1DE4E ] C:\Windows\system32\services.exe
    06:52:29.0970 5860 [Global] - ok
    06:52:29.0970 5860 ================ Scan MBR ==================================
    06:52:29.0970 5860 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
    06:52:30.0376 5860 \Device\Harddisk0\DR0 - ok
    06:52:30.0376 5860 ================ Scan VBR ==================================
    06:52:30.0391 5860 [ A0DFA4F67A6F7E1BE17943CC7A6A15DB ] \Device\Harddisk0\DR0\Partition1
    06:52:30.0391 5860 \Device\Harddisk0\DR0\Partition1 - ok
    06:52:30.0391 5860 [ CBF2A027F935BD82F02C6CB73373DC32 ] \Device\Harddisk0\DR0\Partition2
    06:52:30.0407 5860 \Device\Harddisk0\DR0\Partition2 - ok
    06:52:30.0407 5860 ============================================================
    06:52:30.0407 5860 Scan finished
    06:52:30.0407 5860 ============================================================
    06:52:30.0407 5988 Detected object count: 0
    06:52:30.0407 5988 Actual detected object count: 0
  8. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ===============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  9. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    RogueKiller V8.2.1 [10/29/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Clint [Admin rights]
    Mode : Remove -- Date : 10/30/2012 17:18:50
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 13 ¤¤¤
    [TASK][SUSP PATH] {15177EB6-50E1-4AEE-A902-4D54CFBE7530} : C:\Windows\System32\pcalua.exe -a C:\Users\Clint\AppData\Roaming\C285D5A21A028C27A1499E3BF47BD7F4\modulesetup70700.exe -c /uninstall -> DELETED
    [TASK][SUSP PATH] {B2E7CFCB-BE7A-411B-9C0A-AC7828660B49} : C:\Windows\System32\pcalua.exe -a C:\PROGRA~2\COMMON~1\Logishrd\LQCVFX\MODELF~1.EXE -d C:\Windows\system32 -c "C:\Users\Clint\AppData\Local\Temp\Red Carnival Mask.LVF" -> DELETED
    [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Clint\AppData\Local\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)
    [SHELL][BLPATH] [ON_D:]HKLM\Software[...]\Winlogon : Shell (cmd.exe /k start cmd.exe) -> REPLACED (Explorer.exe)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\U --> REMOVED
    [Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L\00000004.@ --> REMOVED
    [Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L\201d3dde --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Clint\AppData\Local\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\Users\Clint\AppData\Local\{04459ec2-4ec6-e38c-a8fa-9291d46fec2f}\L --> REMOVED
    [Susp.ASLR][FILE] services.exe : C:\Windows\system32\services.exe --> REPLACED AT REBOOT (C:\Windows\erdnt\cache64\services.exe)
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ Extern Hives: ¤¤¤
    -> D:\windows\system32\config\SOFTWARE
    -> D:\Users\Default\NTUSER.DAT
    ¤¤¤ Infection : ZeroAccess ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: SAMSUNG HD642JJ ATA Device +++++
    --- User ---
    [MBR] d817dc7469c9ee045035e89a50a8a653
    [BSP] 0f085dc2ede3df40f901047f0a61eb78 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 145408 | Size: 15360 Mo
    2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31602688 | Size: 595048 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: HP Photosmart C6200 USB Device +++++
    Error reading User MBR!
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
  10. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-30 17:49:37
    -----------------------------
    17:49:37.892 OS Version: Windows x64 6.0.6002 Service Pack 2
    17:49:37.892 Number of processors: 8 586 0x1A05
    17:49:37.892 ComputerName: HOME UserName:
    17:49:39.639 Initialize success
    17:50:40.914 AVAST engine defs: 12103001
    17:52:13.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    17:52:13.872 Disk 0 Vendor: SAMSUNG_HD642JJ 1AA01117 Size: 610480MB BusType: 3
    17:52:13.872 Disk 0 MBR read successfully
    17:52:13.888 Disk 0 MBR scan
    17:52:13.888 Disk 0 Windows VISTA default MBR code
    17:52:13.888 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 70 MB offset 63
    17:52:13.919 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15360 MB offset 145408
    17:52:13.935 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 595048 MB offset 31602688
    17:52:13.950 Disk 0 scanning C:\Windows\system32\drivers
    17:52:23.342 Service scanning
    17:52:43.450 Modules scanning
    17:52:43.450 Disk 0 trace - called modules:
    17:52:43.466 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    17:52:43.481 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b94790]
    17:52:43.481 3 CLASSPNP.SYS[fffffa6001023c33] -> nt!IofCallDriver -> [0xfffffa8006582520]
    17:52:43.497 5 acpi.sys[fffffa60008c4fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800657f060]
    17:52:45.182 AVAST engine scan C:\Windows
    17:52:52.280 AVAST engine scan C:\Windows\system32
    17:57:52.048 AVAST engine scan C:\Windows\system32\drivers
    17:58:05.402 AVAST engine scan C:\Users\Clint
    18:14:31.592 AVAST engine scan C:\ProgramData
    18:23:50.992 Scan finished successfully
    18:39:16.132 Disk 0 MBR has been saved successfully to "C:\Users\Clint\Documents\Scan Logs\MBR.dat"
    18:39:16.132 The log file has been saved successfully to "C:\Users\Clint\Documents\Scan Logs\2012_1030 aswMBR.txt"
  11. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    ===============================

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    ComboFix 12-10-30.03 - Clint 10/30/2012 20:51:30.4.8 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4486 [GMT -5:00]
    Running from: c:\users\Clint\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\6032\AddOnDownloaded\305a1406-381f-449d-9486-32504a38e5b0.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3b429c4f-8ba9-4a7d-bbb4-4548bb6d2539.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\3c49c05a-0eb3-4044-a0f8-d4ea2a439295.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\5f169f6e-cfce-411e-b266-aa53ac35ce83.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\8c199aef-9eca-4ab6-863d-c9136ebec654.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\a7201707-7895-43cf-9119-8a0279b75d4c.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\af728edb-0984-4c06-9a4b-0878bcfa9a26.dll
    c:\programdata\PCDr\6032\AddOnDownloaded\cf9bce06-e765-4c6f-afa9-0d82a3adc417.dll
    c:\programdata\rat_0ybba.pad
    c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Failed to delete
    c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Failed to delete
    .
    c:\windows\system32\Services.exe . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-31 04:42 . 2012-10-31 04:49 -------- d-----w- c:\users\Clint\AppData\Local\temp
    2012-10-31 04:42 . 2012-10-31 04:42 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-10-31 04:42 . 2012-10-31 04:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-27 04:01 . 2012-10-27 04:01 -------- d-----w- c:\program files (x86)\Ask.com
    2012-10-27 04:01 . 2012-10-27 04:01 -------- d-----w- C:\Firefox
    2012-10-27 03:51 . 2012-10-27 03:51 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-10-27 03:51 . 2012-10-27 03:51 -------- d-----w- c:\programdata\Ask
    2012-10-27 03:50 . 2012-10-27 03:50 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-10-27 03:50 . 2012-10-27 03:50 -------- d-----w- c:\program files (x86)\Java
    2012-10-22 01:53 . 2012-10-22 01:53 -------- d-----w- c:\users\Clint\AppData\Roaming\AlawarEntertainment
    2012-10-22 01:52 . 2012-10-22 01:52 -------- d-----w- C:\Games
    2012-10-22 01:51 . 2012-10-22 01:51 -------- d-----w- c:\program files (x86)\RealArcade
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-27 03:50 . 2010-09-15 11:56 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-10-09 04:12 . 2012-04-03 11:50 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-09 04:12 . 2011-05-27 02:33 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-30 00:54 . 2012-08-19 15:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-16 08:01 . 2006-11-02 12:35 62134624 ----a-w- c:\windows\system32\mrt.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "Akamai NetSession Interface"="c:\users\Clint\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
    "TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-07-26 247768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
    "TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2012-07-03 1244432]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
    .
    c:\users\Clint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-3-3 113664]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-02-24 88576]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    Akamai REG_MULTI_SZ Akamai
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 04:12]
    .
    2012-10-29 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2006-11-02 09:45]
    .
    2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 22:27]
    .
    2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 22:27]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2007-10-31 531784]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.yahoo.com/
    mLocal Page = c:\windows\system32\blank.htm
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    Trusted Zone: $talisma_url$
    TCP: DhcpNameServer = 192.168.1.254
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-StartCCC - c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-75296469.sys
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Dell\DellDock\DockLogin.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
    c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    c:\program files (x86)\Common Files\Motive\McciCMService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\windows\SysWOW64\PSIService.exe
    c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    c:\program files (x86)\VMware\VMware View\Client\bin\wsnm.exe
    c:\program files (x86)\Java\jre6\bin\java.exe
    c:\program files (x86)\Trojan Remover\sschk.exe
    .
    **************************************************************************
    .
    Completion time: 2012-10-30 23:54:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-10-31 04:54
    ComboFix2.txt 2012-08-06 17:28
    ComboFix3.txt 2012-08-06 14:52
    ComboFix4.txt 2012-07-29 17:12
    .
    Pre-Run: 431,426,932,736 bytes free
    Post-Run: 430,971,555,840 bytes free
    .
    - - End Of File - - 00B009A639B80B900281F910AF043527
  13. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    Hi Broni, (I'm at work)
    During the ComboFix scan, the exe gave me a prompt telling me that McAfee firewall and anti-virus were still enabled although I had disabled them, so I ran it anyway. Thought I'd mention this in the event you find something in the report that is unusual. Thanks for all your help!!
  14. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    If you are using Windows 8, consult "How to use the Windows 8 System Recovery Environment Command Prompt" to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
  15. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-10-2012
    Ran by SYSTEM at 01-11-2012 20:00:52
    Running from D:\
    Windows Vista (TM) Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001
    ==================== Registry (Whitelisted) ===================
    HKLM\...\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode [x]
    HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
    HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
    HKLM\...\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup [531784 2007-10-30] (Corel, Inc.)
    HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [250192 2009-04-24] (Microsoft Corporation)
    HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
    HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [TrojanScanner] "C:\Program Files (x86)\Trojan Remover\Trjscan.exe" /boot [1244432 2012-07-03] (Simply Super Software)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
    HKU\Clint\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\Clint\...\Run: [Akamai NetSession Interface] "C:\Users\Clint\AppData\Local\Akamai\netsession_win.exe" [4441920 2012-10-09] (Akamai Technologies, Inc.)
    HKU\Clint\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-05] (Valve Corporation)
    HKU\Clint\...\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [247768 2012-07-26] (TomTom)
    Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Clint\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
    ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
    ==================== Services (Whitelisted) ===================
    2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    2 McAfee SiteAdvisor Service; "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" [103472 2012-06-15] (McAfee, Inc.)
    2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
    2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
    2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-06-22] (McAfee, Inc.)
    2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-06-22] (McAfee, Inc.)
    2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [177144 2012-06-22] (McAfee, Inc.)
    2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
    2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
    2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [92632 2012-07-26] (TomTom)
    2 wsnm; "C:\Program Files (x86)\VMware\VMware View\Client\bin\wsnm.exe" -SCMStartup [151552 2010-02-10] (VMware, Inc.)
    2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 [x]
    ==================== Drivers (Whitelisted) =====================
    3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-06-22] (McAfee, Inc.)
    3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30232 2009-10-06] ()
    3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-06] ()
    3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-06-22] (McAfee, Inc.)
    3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-06-22] (McAfee, Inc.)
    3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-06-22] (McAfee, Inc.)
    0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-06-22] (McAfee, Inc.)
    3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
    1 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-06-22] (McAfee, Inc.)
    3 SaiK0728; C:\Windows\System32\Drivers\SaiK0728.sys [135168 2009-03-05] (Saitek)
    1 Beep; [x]
    3 catchme; \??\C:\ComboFix\catchme.sys [x]
    3 dump_wmimmc; \??\c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    3 mfeavfk01; [x]
    3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
    3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
    3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
    3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090527.003\ENG64.SYS [x]
    3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090527.003\EX64.SYS [x]
    3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
    1 SRTSP; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSP64.SYS [x]
    1 SRTSPX; \??\C:\Windows\system32\drivers\NISx64\1000000.07D\SRTSPX64.SYS [x]
    ==================== NetSvcs (Whitelisted) ====================

    ==================== One Month Created Files and Folders ========
    2012-11-01 20:00 - 2012-11-01 20:00 - 00000000 ____D C:\FRST
    2012-11-01 16:48 - 2012-11-01 16:48 - 01459963 ____A (Farbar) C:\Users\Clint\Downloads\FRST64.exe
    2012-10-31 00:03 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-10-31 00:03 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-10-31 00:03 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-10-31 00:03 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-10-31 00:03 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-10-31 00:03 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-10-31 00:03 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-10-31 00:03 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-10-31 00:03 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-10-31 00:03 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-10-31 00:03 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-10-31 00:03 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-10-31 00:03 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-10-31 00:03 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-10-31 00:03 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-10-31 00:03 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-10-31 00:03 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-10-31 00:03 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-10-31 00:03 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-10-31 00:03 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-10-31 00:03 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-10-31 00:03 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-10-31 00:03 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-10-31 00:03 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-10-31 00:03 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-10-31 00:03 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-10-31 00:03 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-10-31 00:03 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-10-31 00:03 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-10-31 00:03 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-10-31 00:03 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-10-31 00:03 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-10-30 20:59 - 2012-09-13 05:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-30 20:59 - 2012-09-13 05:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-30 20:59 - 2012-08-29 03:40 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-30 20:59 - 2012-08-24 08:07 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-30 20:59 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-30 20:59 - 2012-06-01 16:20 - 01268736 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-30 20:59 - 2012-06-01 16:20 - 00174592 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-30 20:59 - 2012-06-01 16:20 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-30 20:59 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-30 20:59 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-30 20:59 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-30 20:54 - 2012-10-30 20:54 - 00016782 ____A C:\ComboFix.txt
    2012-10-30 17:44 - 2012-10-30 17:44 - 04991862 ____R (Swearware) C:\Users\Clint\Desktop\ComboFix.exe
    2012-10-30 14:21 - 2012-10-30 14:42 - 04731392 ____A (AVAST Software) C:\Users\Clint\Downloads\aswMBR.exe
    2012-10-30 14:18 - 2012-10-30 14:18 - 00003786 ____A C:\Users\Clint\Desktop\RKreport[2].txt
    2012-10-30 14:16 - 2012-10-30 14:16 - 00003554 ____A C:\Users\Clint\Desktop\RKreport[1].txt
    2012-10-30 14:15 - 2012-10-30 14:17 - 00000000 ____D C:\Users\Clint\Desktop\RK_Quarantine
    2012-10-30 14:15 - 2012-10-30 14:16 - 01584640 ____A C:\Users\Clint\Downloads\RogueKiller.exe
    2012-10-29 16:53 - 2012-10-29 16:54 - 02194704 ____A C:\Users\Clint\Downloads\tdsskiller.zip
    2012-10-29 13:31 - 2012-10-29 13:31 - 00014367 ____A C:\Users\Clint\Desktop\attach.txt
    2012-10-29 13:31 - 2012-10-29 13:30 - 00019118 ____A C:\Users\Clint\Desktop\dds.txt
    2012-10-26 20:01 - 2012-10-26 20:01 - 00000000 ____D C:\Program Files (x86)\Ask.com
    2012-10-26 20:01 - 2012-10-26 20:01 - 00000000 ____D C:\Firefox
    2012-10-26 19:51 - 2012-10-26 19:51 - 00000000 ____D C:\Users\All Users\Ask
    2012-10-26 19:50 - 2012-10-26 19:50 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-10-26 19:50 - 2012-10-26 19:50 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-10-26 19:50 - 2012-10-26 19:50 - 00000000 ____D C:\Program Files (x86)\Java
    2012-10-21 17:53 - 2012-10-21 17:53 - 00000000 ____D C:\Users\Clint\AppData\Roaming\AlawarEntertainment
    2012-10-21 17:52 - 2012-10-21 17:52 - 00000147 ____A C:\Users\Clint\Desktop\Games.com.url
    2012-10-21 17:52 - 2012-10-21 17:52 - 00000000 ____D C:\Games
    2012-10-21 17:51 - 2012-10-21 17:51 - 00000000 ____D C:\Program Files (x86)\RealArcade
    2012-10-20 05:09 - 2012-10-20 05:09 - 00851640 ____A C:\Users\Clint\Desktop\Return & Exchange FAQs - BestBuy_c.mht
    ==================== 3 Months Modified Files ==================
    2012-11-01 16:55 - 2009-07-31 00:11 - 01722166 ____A C:\Windows\WindowsUpdate.log
    2012-11-01 16:55 - 2009-07-31 00:11 - 00000012 ____A C:\Windows\bthservsdp.dat
    2012-11-01 16:55 - 2006-11-02 07:42 - 00032536 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-11-01 16:55 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-11-01 16:55 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-11-01 16:55 - 2006-11-02 07:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-11-01 16:51 - 2006-11-02 04:46 - 00703342 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-11-01 16:49 - 2012-05-03 14:27 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-11-01 16:48 - 2012-11-01 16:48 - 01459963 ____A (Farbar) C:\Users\Clint\Downloads\FRST64.exe
    2012-11-01 16:48 - 2009-08-05 13:54 - 00114896 ____A C:\Users\Clint\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-11-01 16:12 - 2012-04-03 03:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-11-01 10:49 - 2012-05-03 14:27 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-11-01 02:36 - 2011-12-15 01:55 - 00001737 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
    2012-10-31 00:22 - 2012-08-19 11:09 - 00015428 ____A C:\Windows\PFRO.log
    2012-10-31 00:01 - 2009-09-23 17:36 - 00001890 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-10-30 20:54 - 2012-10-30 20:54 - 00016782 ____A C:\ComboFix.txt
    2012-10-30 20:49 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
    2012-10-30 17:44 - 2012-10-30 17:44 - 04991862 ____R (Swearware) C:\Users\Clint\Desktop\ComboFix.exe
    2012-10-30 14:42 - 2012-10-30 14:21 - 04731392 ____A (AVAST Software) C:\Users\Clint\Downloads\aswMBR.exe
    2012-10-30 14:18 - 2012-10-30 14:18 - 00003786 ____A C:\Users\Clint\Desktop\RKreport[2].txt
    2012-10-30 14:16 - 2012-10-30 14:16 - 00003554 ____A C:\Users\Clint\Desktop\RKreport[1].txt
    2012-10-30 14:16 - 2012-10-30 14:15 - 01584640 ____A C:\Users\Clint\Downloads\RogueKiller.exe
    2012-10-29 16:54 - 2012-10-29 16:53 - 02194704 ____A C:\Users\Clint\Downloads\tdsskiller.zip
    2012-10-29 13:31 - 2012-10-29 13:31 - 00014367 ____A C:\Users\Clint\Desktop\attach.txt
    2012-10-29 13:30 - 2012-10-29 13:31 - 00019118 ____A C:\Users\Clint\Desktop\dds.txt
    2012-10-29 10:04 - 2012-08-19 07:37 - 00000950 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-10-28 18:05 - 2011-03-06 17:04 - 00000400 ____A C:\Windows\Tasks\EasyShare Registration Task.job
    2012-10-26 19:50 - 2012-10-26 19:50 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
    2012-10-26 19:50 - 2012-10-26 19:50 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
    2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
    2012-10-26 19:50 - 2012-10-26 19:50 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
    2012-10-26 19:50 - 2010-09-15 03:56 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
    2012-10-23 04:08 - 2012-03-06 11:16 - 00378501 ____A C:\Users\Clint\Documents\OnLine Billing 2012.xlsx
    2012-10-21 17:52 - 2012-10-21 17:52 - 00000147 ____A C:\Users\Clint\Desktop\Games.com.url
    2012-10-20 05:09 - 2012-10-20 05:09 - 00851640 ____A C:\Users\Clint\Desktop\Return & Exchange FAQs - BestBuy_c.mht
    2012-10-10 21:49 - 2012-08-30 03:11 - 00002027 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2012-10-08 20:12 - 2012-04-03 03:50 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-08 20:12 - 2011-05-26 18:33 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-09-29 16:54 - 2012-08-19 07:37 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-09-27 21:18 - 2006-11-02 04:35 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-09-26 19:14 - 2012-09-26 19:14 - 00256794 ____A C:\Users\Clint\Downloads\photo (3)
    2012-09-15 13:01 - 2012-08-19 12:00 - 00000336 ____A C:\Windows\setupact.log
    2012-09-13 05:45 - 2012-10-30 20:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-13 05:28 - 2012-10-30 20:59 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-07 04:02 - 2012-09-07 04:02 - 00000686 ____A C:\Users\Clint\Desktop\2012-2013 Football Season - master (2).xls - Shortcut.lnk
    2012-09-07 04:01 - 2012-09-07 04:01 - 00622592 ____A C:\Users\Clint\Documents\2012-2013 Football Season - master (2).xls
    2012-08-29 03:40 - 2012-10-30 20:59 - 04699520 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-24 08:07 - 2012-10-30 20:59 - 00218624 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 07:53 - 2012-10-30 20:59 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 03:15 - 2012-10-31 00:03 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-10-31 00:03 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-10-31 00:03 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-10-31 00:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-10-31 00:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-10-31 00:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-10-31 00:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-10-31 00:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-10-31 00:03 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:14 - 2012-10-31 00:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:13 - 2012-10-31 00:03 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-10-31 00:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-10-31 00:03 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-10-31 00:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-10-31 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-10-31 00:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-10-31 00:03 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-10-31 00:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-10-31 00:03 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-10-31 00:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-10-31 00:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-10-31 00:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-10-31 00:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-10-31 00:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-10-31 00:03 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:47 - 2012-10-31 00:03 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-10-31 00:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:45 - 2012-10-31 00:03 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-10-31 00:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:44 - 2012-10-31 00:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:43 - 2012-10-31 00:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-10-31 00:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-20 04:58 - 2012-08-20 04:58 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Clint\Desktop\tdsskiller.exe
    2012-08-20 04:41 - 2012-08-20 04:41 - 00000950 ____A C:\Users\Public\Desktop\Trojan Remover.lnk
    2012-08-20 04:39 - 2012-08-20 04:38 - 02208856 ____A (Kaspersky Lab ZAO) C:\Users\Clint\Downloads\tdsskiller
    2012-08-20 04:25 - 2012-01-27 05:08 - 00001919 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk
    2012-08-19 12:00 - 2012-08-19 12:00 - 00000000 ____A C:\Windows\setuperr.log
    2012-08-19 06:55 - 2012-08-19 06:55 - 00012824 ____A C:\Users\Clint\Desktop\hs_err_pid7432.log
    2012-08-16 00:26 - 2006-11-02 07:21 - 00405976 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-16 00:03 - 2012-08-16 00:03 - 00000129 ____A C:\Windows\System32\MRT.INI
    2012-08-13 18:33 - 2011-03-24 04:04 - 02198528 ____A C:\Users\Clint\Documents\OnLine Billing 2011.xls
    2012-08-12 09:20 - 2006-11-02 04:33 - 83361792 ____A C:\Windows\System32\config\software_previous
    2012-08-12 09:20 - 2006-11-02 04:33 - 55574528 ____A C:\Windows\System32\config\components_previous
    2012-08-12 09:20 - 2006-11-02 04:33 - 31457280 ____A C:\Windows\System32\config\system_previous
    2012-08-12 09:20 - 2006-11-02 04:33 - 00786432 ____A C:\Windows\System32\config\default_previous
    2012-08-12 09:20 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\security_previous
    2012-08-12 09:20 - 2006-11-02 04:33 - 00262144 ____A C:\Windows\System32\config\sam_previous
    2012-08-06 09:18 - 2012-08-06 09:18 - 04725168 ____R (Swearware) C:\Users\Clint\Downloads\ComboFix.exe
    2012-08-06 06:10 - 2009-08-05 17:56 - 00001356 ____A C:\Users\Clint\AppData\Local\d3d9caps.dat

    ==================== Known DLLs (Whitelisted) =================

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ==================== Restore Points =========================
    Restore point made on: 2012-09-23 21:00:24
    Restore point made on: 2012-09-24 21:00:23
    Restore point made on: 2012-09-25 21:00:22
    Restore point made on: 2012-09-27 22:37:50
    Restore point made on: 2012-09-30 12:04:06
    Restore point made on: 2012-10-01 21:00:29
    Restore point made on: 2012-10-02 21:00:23
    Restore point made on: 2012-10-03 21:00:23
    Restore point made on: 2012-10-04 21:00:23
    Restore point made on: 2012-10-05 21:42:14
    Restore point made on: 2012-10-06 21:46:53
    Restore point made on: 2012-10-07 21:00:19
    Restore point made on: 2012-10-08 21:00:19
    Restore point made on: 2012-10-09 21:00:18
    Restore point made on: 2012-10-12 20:07:47
    Restore point made on: 2012-10-13 22:22:04
    Restore point made on: 2012-10-14 13:10:32
    Restore point made on: 2012-10-15 21:00:22
    Restore point made on: 2012-10-16 21:00:21
    Restore point made on: 2012-10-17 21:00:21
    Restore point made on: 2012-10-18 21:00:22
    Restore point made on: 2012-10-19 21:00:24
    Restore point made on: 2012-10-20 21:00:22
    Restore point made on: 2012-10-21 21:00:24
    Restore point made on: 2012-10-22 21:00:22
    Restore point made on: 2012-10-23 21:00:23
    Restore point made on: 2012-10-24 21:00:22
    Restore point made on: 2012-10-25 21:00:22
    Restore point made on: 2012-10-26 19:49:42
    Restore point made on: 2012-10-26 19:50:55
    Restore point made on: 2012-10-28 13:25:15
    Restore point made on: 2012-10-29 12:27:21
    Restore point made on: 2012-10-30 17:41:52
    Restore point made on: 2012-10-31 00:00:29
    Restore point made on: 2012-10-31 21:00:23
    ==================== Memory info ===========================
    Percentage of memory in use: 9%
    Total physical RAM: 6134.26 MB
    Available physical RAM: 5579.38 MB
    Total Pagefile: 5944.15 MB
    Available Pagefile: 5548.39 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB
    ==================== Partitions =============================
    1 Drive c: (OS) (Fixed) (Total:581.1 GB) (Free:400.86 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Removable) (Total:1.86 GB) (Free:1.28 GB) FAT
    10 Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.68 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 596 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B
    Disk 5 No Media 0 B 0 B
    Disk 6 Online 1908 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 71 MB 32 KB
    Partition 2 Primary 15 GB 71 MB
    Partition 3 Primary 581 GB 15 GB
    ==================================================================================
    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 10 FAT Partition 71 MB Healthy Hidden
    =========================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 X RECOVERY NTFS Partition 15 GB Healthy Boot
    =========================================================
    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C OS NTFS Partition 581 GB Healthy
    =========================================================
    Partitions of Disk 6:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1908 MB 65 KB
    ==================================================================================
    Disk: 6
    Partition 1
    Type : 06
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 D FAT Removable 1908 MB Healthy
    =========================================================
    Last Boot: 2012-11-01 12:42
    ==================== End Of Log =============================
  16. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    It looks good.

    It seems like a false alarm from ComboFix.

    How is the computer doing?

    =================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  17. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    Farbar Recovery Scan Tool (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-01 20:41:28
    Running from J:\
    ================== Search: "search" ===================
    ====== End Of Search ======
  18. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    We posted at the same time.
     
  19. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    PC's working faster. Thanks.
  20. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    I get a Trojan scan prompt, and I got that not too long ago. My desktop changed too.
  21. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    I need more details.
  22. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    Farbar Recovery Scan Tool (x64) Version: 30-10-2012
    Ran by SYSTEM at 2012-11-01 20:41:28
    Running from J:\
    ================== Search: "search" ===================
    ====== End Of Search ======
  23. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    OTL Extras logfile created on: 11/1/2012 9:00:51 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = Q:\
    64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.99 Gb Total Physical Memory | 4.55 Gb Available Physical Memory | 75.88% Memory free
    12.09 Gb Paging File | 10.25 Gb Available in Paging File | 84.75% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.10 Gb Total Space | 400.84 Gb Free Space | 68.98% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.68 Gb Free Space | 51.20% Space Free | Partition Type: NTFS
    Drive Q: | 1.86 Gb Total Space | 1.28 Gb Free Space | 68.59% Space Free | Partition Type: FAT

    Computer Name: HOME | User Name: Clint | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Scan with Trojan Remover] -- C:\Program Files (x86)\Trojan Remover\rmvtrjan.exe /d "%1" (Simply Super Software)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
    "VistaSp2" = BC A7 97 C9 8E 34 CA 01 [binary data]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "oobe_av" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
    "{257F446A-01ED-739C-16B8-237498DEDDDF}" = ccc-utility64
    "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6BE8D68C-4C81-423F-8C83-D779F801F1D1}" = Share64
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
    "{9948404D-150F-9D6C-69C3-245AC4A90E2A}" = ATI AVIVO64 Codecs
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel(R) Network Connections 13.1.33.0
    "{E4C229B2-51E3-49E7-3A42-A3B695B4E56E}" = ccc-utility64
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "CCleaner" = CCleaner
    "HP Imaging Device Functions" = HP Imaging Device Functions 9.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
    "HPOCR" = HP OCR Software 9.0
    "lvdrivers_12.0" = Logitech Webcam Software Driver Package
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC-Doctor for Windows" = Dell Support Center
    "PROSetDX" = Intel(R) Network Connections 13.1.33.0
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{017C30E3-AB22-4074-820D-DDDE7F0F9E83}" = Corel Digital Studio 2010
    "{00140409-78E1-11D2-B60F-006097C998E7}" = Microsoft Publisher 2000
    "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{00A5E019-BB9A-4090-87EA-4E8267CD5D79}" = Setup
    "{017C30E3-AB22-4074-820D-DDDE7F0F9E83}" = ICA
    "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
    "{0301AC02-D87B-27E9-9429-7E4BB52D9183}" = CCC Help German
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{04D5E56E-F323-27F2-C075-EF1AE9A3CF2B}" = Catalyst Control Center Graphics Light
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07288267-318E-9B78-B04E-984F9149EE24}" = Catalyst Control Center Graphics Previews Common
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0B23ACC5-88A6-FEE4-0131-8777A1BA0B68}" = Catalyst Control Center Graphics Previews Vista
    "{0CD81D7E-94E2-D230-E37E-C9B16E90D01C}" = CCC Help Italian
    "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
    "{1350DD04-57AD-6278-3F4D-D4281EEE7C5C}" = Catalyst Control Center Graphics Full New
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{16A7FAD8-EE4F-C413-8359-833A3B2D39FB}" = CCC Help Portuguese
    "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
    "{18364179-C5E5-F826-E2FC-D99D575AF997}" = Catalyst Control Center Localization All
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19023B3C-00D0-4BBD-A753-C0B068B10798}" = Gadget
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
    "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
    "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{305CAF40-92F0-12ED-8B28-926B011788E4}" = CCC Help Spanish
    "{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
    "{34D6DE28-4FD0-9CCA-CDB4-316F7B3B30B5}" = CCC Help Portuguese
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{414212D5-6E70-4CF1-97E7-B2AB77D131EA}" = DVDF10
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{47C72DA6-E7AC-984C-5475-15A65F9B41BE}" = Catalyst Control Center Graphics Full New
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A918155-6399-4673-0D08-85A0DBEC1389}" = CCC Help Chinese Traditional
    "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{5089AEEE-052D-B75F-0B92-7CF981403025}" = Catalyst Control Center Graphics Light
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{537791BE-B032-D116-0C59-13541E17BFEA}" = CCC Help English
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
    "{54741B98-6335-43A1-C716-25B0A3C4016C}" = Catalyst Control Center Graphics Previews Common
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{58192647-B4DD-45E1-9C3C-1614B4A03897}" = 64 bit Windows Card Reader Driver
    "{5B94A120-16E7-6034-7494-22285B471EDE}" = CCC Help Hungarian
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
    "{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
    "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{66DAE8D7-D5F7-462F-5815-102EE4B191C4}" = CCC Help Korean
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
    "{6E9D082B-F681-64AB-48B4-F3EC05D3A83F}" = CCC Help Chinese Traditional
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{763B809A-6874-5979-CD69-39491392262C}" = Catalyst Control Center InstallProxy
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7FE440D8-8F16-24CA-81B6-7DEB4D6BF92D}" = CCC Help Hungarian
    "{81CB0C83-5928-3387-AB23-10EC5F767FA8}" = CCC Help Turkish
    "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
    "{846B1C55-76D0-0DA3-8C12-10596CBB15BD}" = CCC Help Italian
    "{846D0802-8606-7452-85FF-A71EB1B8AD6D}" = Catalyst Control Center Localization All
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
    "{88D3B829-DBA4-D839-33BF-9A5794CC21EB}" = CCC Help Chinese Standard
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8DCE118A-1F3C-B056-D2A8-F832523C357C}" = CCC Help English
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
    "{9044B9A5-B7D7-3EA2-B20B-49A47853D62F}" = CCC Help Spanish
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{96B1A291-2654-4415-59B4-AC90D29C3E1E}" = Catalyst Control Center Core Implementation
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A968BD3-88AF-B4D0-CA9A-78F4EF9FA23B}" = CCC Help Chinese Standard
    "{9BBB19C0-1FE1-4A4E-B25F-C9E1B0497EC5}" = Shaiya(US)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A52D8A45-B3A1-0022-B096-A0033B03E01F}" = Catalyst Control Center Graphics Full Existing
    "{A54F806B-A2E1-4794-A7FE-365167EC67CB}" = Masque IGT Slots Little Green Men
    "{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
    "{A7F37935-A880-8657-79CE-F98BF3A358E1}" = CCC Help Turkish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AE3BFAC5-A07A-7845-C576-0CB832E4B0AD}" = Skins
    "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B297076F-905F-7E13-57EF-7D254EBB7589}" = CCC Help Japanese
    "{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
    "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B4ECB428-6A8D-8D53-4E76-1CEE7AC4BF32}" = CCC Help French
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B76D6D09-16D6-DF95-F7D7-2565E88B88BA}" = Catalyst Control Center Graphics Previews Vista
    "{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
    "{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
    "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
    "{BD3E0D67-D90D-3CA6-DE34-22B56D425136}" = CCC Help Japanese
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
    "{D0EBD385-7764-402D-892C-B5EA03E0DEEC}" = VMware View Client
    "{D1B8C6AC-C4F8-E8AF-E157-AF3E16B97903}" = CCC Help French
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DC702FC1-4746-CD99-0578-02839474C2F8}" = Skins
    "{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
    "{E0EF9C75-60EA-4DFB-A537-2A9E0C2E2056}" = PSPH10
    "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E59145A6-2D21-9E5C-6551-ACA2539CDE50}" = ccc-core-static
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E89371A0-2FCD-F518-EECB-09AB27724CEE}" = CCC Help German
    "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
    "{ED06F22F-DADB-E713-2E49-EEB154950285}" = Catalyst Control Center Graphics Full Existing
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE19A4C4-AA74-4AA7-9264-B322B877BFA7}" = IPM_SU
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F6706DF9-B0B6-8496-F302-BF511197A32F}" = Catalyst Control Center Core Implementation
    "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
    "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
    "{F73459A3-36B8-42e4-A982-AAF06A44D508}" = C6200_doccd
    "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
    "{F865B0B5-0D43-2704-0B22-35C5F721374B}" = Catalyst Control Center
    "{F8B250A2-582A-6C80-108F-AA68E64A6F03}" = CCC Help Korean
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FD040188-43B3-2C49-A8BF-5B0458031AED}" = ccc-core-static
    "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
    "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
    "{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "2552d4470d494caf842cd1049c5ac579" = Age of Adventure - Playing the Hero
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop 7.0.1" = Adobe Photoshop 7.0.1
    "Akamai" = Akamai NetSession Interface Service
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "Any Video Converter_is1" = Any Video Converter 2.7.9
    "BFGC" = Big Fish Games: Game Manager
    "Canon RAW Codec" = Canon RAW Codec
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Video Chat" = Dell Video Chat
    "D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
    "Diablo III" = Diablo III
    "Feeding Frenzy 2" = Feeding Frenzy 2 (remove only)
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "Half-Life" = Half-Life
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
    "Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "McAfee Security Scan" = McAfee Security Scan Plus
    "MSC" = McAfee Total Protection
    "Sib Icon Editor" = Sib Icon Editor
    "Sierra Utilities" = Sierra Utilities
    "Steam App 22380" = Fallout: New Vegas
    "Total Audio Converter_is1" = TotalAudioConverter
    "Trojan Remover_is1" = Trojan Remover 6.8.4
    "VLC media player" = VLC media player 1.0.1
    "Warcraft III" = Warcraft III
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Widget Engine" = Yahoo! Widgets
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "Akamai" = Akamai NetSession Interface
    "HuluDesktop" = Hulu Desktop
    "Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
    "Juniper_Term_Services" = Juniper Terminal Services Client
    "Nations Photo Lab ROES" = Nations Photo Lab ROES
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/13/2012 10:12:46 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x1ed8, application
    start time 0x01cd795db64b2206.

    Error - 8/13/2012 10:12:58 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x3a60, application
    start time 0x01cd795dbd92f6a6.

    Error - 8/13/2012 10:13:10 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x32a8, application
    start time 0x01cd795dc4d3a726.

    Error - 8/13/2012 10:13:22 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x1518, application
    start time 0x01cd795dcc1457a6.

    Error - 8/13/2012 10:13:34 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x2a24, application
    start time 0x01cd795dd360ef06.

    Error - 8/13/2012 10:13:47 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x2e60, application
    start time 0x01cd795ddaa19f86.

    Error - 8/13/2012 10:13:47 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module svchost.exe, version 6.0.6002.18111, time stamp 0x4acfb17d,
    exception code 0xc0000005, fault offset 0x00003993, process id 0x2e60, application
    start time 0x01cd795ddaa19f86.

    Error - 8/13/2012 10:13:59 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x18b4, application
    start time 0x01cd795de203a346.

    Error - 8/13/2012 10:14:11 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x2ea4, application
    start time 0x01cd795de9529c06.

    Error - 8/13/2012 10:14:24 AM | Computer Name = Home | Source = Application Error | ID = 1000
    Description = Faulting application svchost.exe, version 6.0.6002.18111, time stamp
    0x4acfb17d, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8cc5a,
    exception code 0xc0000005, fault offset 0x0001da22, process id 0x1ce8, application
    start time 0x01cd795df0a194c6.

    [ Media Center Events ]
    Error - 10/7/2009 5:43:52 PM | Computer Name = Home | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 10/26/2009 5:45:55 AM | Computer Name = Home | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/4/2012 9:14:38 AM | Computer Name = Home | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
    returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 11/1/2012 9:15:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/1/2012 9:15:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
    Description =

    Error - 11/1/2012 9:15:31 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7023
    Description =

    Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
    Description =

    Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7000
    Description =

    Error - 11/1/2012 9:50:29 PM | Computer Name = Home | Source = Service Control Manager | ID = 7003
    Description =

    Error - 11/1/2012 9:51:12 PM | Computer Name = Home | Source = Service Control Manager | ID = 7022
    Description =

    Error - 11/1/2012 9:51:12 PM | Computer Name = Home | Source = Service Control Manager | ID = 7026
    Description =

    Error - 11/1/2012 9:51:17 PM | Computer Name = Home | Source = WMPNetworkSvc | ID = 866293
    Description =


    < End of report >
  24. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    More details about the prompt? I didn't write it down or capture it, sorry.
  25. cjbrown

    cjbrown Newcomer, in training Topic Starter Posts: 45

    What is svchost.exe? I see a lot of them in Task Manager (not now, a few days ago).

