TechSpot

Trojan.agent svchost.exe 1276

Solved
By Jeremy Hoshor
Oct 18, 2012
  1. It appears I have the rootkit virus disguised as svchost.exe. I cannot boot into normal mode, as I get a blue screen almost immediately after logging in.

    A scan in safe mode using MalwareBytes shows two entries showing the Trojan.Agent, c:\windows\svchost.exe as both a file and a memory process. MalwareBytes attempts to clean, but upon a reboot and a rescan, the instances reappear. I have not posted any logs, because I cannot get to the internet. Should I risk using a flash drive with this virus situation?

    Any help is much appreciated.


    Thanks,

    Jeremy
     
  2. Broni

    Broni Malware Annihilator Posts: 46,861   +254

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    I cannot access Normal mode. Is it safe to use a USB flash drive to work on this?
     
  4. Broni

    Broni Malware Annihilator Posts: 46,861   +254

  5. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.23.07

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Deborah A Baines :: DEBORAHABAINES [administrator]

    10/18/2012 7:27:44 PM
    mbam-log-2012-10-18 (19-36-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203186
    Time elapsed: 5 minute(s), 24 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 1276 -> No action taken.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

    (end)
     
  6. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-10-18 22:25:13
    Windows 6.1.7601 Service Pack 1
    Running: t18ws0mr.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c812a0
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38c812a0@0015d35b2019 0x72 0x88 0xE8 0x9E ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c812a0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38c812a0@0015d35b2019 0x72 0x88 0xE8 0x9E ...
    ---- EOF - GMER 1.0.15 ----
     
  7. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-10-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/17/2011 5:31:08 PM
    System Uptime: 10/18/2012 8:35:39 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0WXY9J
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU 1 | 2400/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 332.727 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: McAfee Inc. mfehidk
    Device ID: ROOT\LEGACY_MFEHIDK\0000
    Manufacturer:
    Name: McAfee Inc. mfehidk
    PNP Device ID: ROOT\LEGACY_MFEHIDK\0000
    Service: mfehidk
    .
    ==== System Restore Points ===================
    .
    RP137: 9/12/2012 8:47:26 PM - Windows Update
    RP138: 9/18/2012 9:59:44 PM - Windows Update
    RP139: 9/21/2012 10:28:21 PM - Windows Update
    RP140: 9/28/2012 7:38:50 PM - Windows Update
    RP141: 9/29/2012 11:12:23 PM - Installed iCloud
    RP142: 10/7/2012 9:23:17 AM - Scheduled Checkpoint
    RP143: 10/10/2012 11:07:49 PM - Windows Update
    RP144: 10/17/2012 7:58:39 PM - Installed Java(TM) 6 Update 37
    RP145: 10/17/2012 8:15:55 PM - Windows Update
    RP146: 10/17/2012 9:19:00 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Absolute Notifier
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1
    Advanced Audio FX Engine
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    AutoSave Essentials
    Avanquest update
    Battleship Fleet Command (remove only)
    Bonjour
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Consumer In-Home Service Agreement
    Cozi
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell DataSafe Online
    Dell Dock
    Dell Getting Started Guide
    Dell Support Center
    Dell Webcam Central
    DW WLAN Card Utility
    Google Chrome
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToAssist 8.0.0.514
    HoMedics or Walgreens Blood Pressure Monitor v2.2.9
    HP Deskjet 3050A J611 series Basic Device Software
    iCloud
    IDT Audio
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 22 (64-bit)
    Java(TM) 6 Update 31
    Jewel Quest III (remove only)
    Jewel Quest Solitaire II (remove only)
    Jojos Fashion Show (remove only)
    Junk Mail filter update
    Live! Cam Avatar Creator
    Mah Jong Quest III (remove only)
    Mahjongg - Ancient Egypt
    Malwarebytes Anti-Malware version 1.61.0.1400
    McAfee Security Scan Plus
    McAfee SecurityCenter
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft HealthVault Connection Center
    Microsoft HealthVault Connection Center Configuration
    Microsoft Office 2010
    Microsoft PowerPoint Viewer
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MobileMe Control Panel
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MyInvoices & Estimates Deluxe
    MyLabel Designer Deluxe
    Neat
    Neat ADF Scanner 2008 Driver
    Neat ADF Scanner Driver
    Neat Core Files
    Neat Mobile Scanner (Silver) Driver
    Neat Mobile Scanner 2008 Driver
    Neat Mobile Scanner Driver
    Newsflash
    OpenOffice.org 3.3
    Polly Pride Pet Detective (remove only)
    Proclaim
    Quicken 2011
    Quickset64
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek USB 2.0 Card Reader
    RealUpgrade 1.1
    Roxio Burn
    Safari
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Send To Neat
    Skype Toolbars
    Skype™ 4.2
    Synaptics Pointing Device Driver
    Text Express 2 Deluxe
    TurboTax 2010
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wneiper
    TurboTax 2010 wrapper
    TVgnome Toolbar
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    WATCH FREE TV
    WIDCOMM Bluetooth Software
    WildTangent Games
    Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/18/2012 8:45:03 PM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/18/2012 8:40:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    10/18/2012 8:40:04 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    10/18/2012 8:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/18/2012 8:38:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/18/2012 8:37:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/18/2012 8:37:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/18/2012 8:37:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/18/2012 8:37:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/18/2012 8:36:38 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AutoSave DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:36 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:33 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/18/2012 8:36:33 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2012 8:36:33 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2012 8:36:33 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2012 8:36:33 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2012 8:35:03 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The pipe has been ended.
    10/18/2012 8:34:51 PM, Error: Service Control Manager [7038] - The NlaSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/18/2012 8:34:51 PM, Error: Service Control Manager [7038] - The mfevtp service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/18/2012 8:34:51 PM, Error: Service Control Manager [7000] - The Program Compatibility Assistant Service service failed to start due to the following error: A system shutdown is in progress.
    10/18/2012 8:34:51 PM, Error: Service Control Manager [7000] - The Network Location Awareness service failed to start due to the following error: The service did not start due to a logon failure.
    10/18/2012 8:34:51 PM, Error: Service Control Manager [7000] - The McAfee Validation Trust Protection Service service failed to start due to the following error: The service did not start due to a logon failure.
    10/18/2012 8:34:51 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The pipe has been ended.
    10/18/2012 8:34:49 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The pipe has been ended.
    10/18/2012 8:34:34 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    10/18/2012 8:33:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800034bd4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101812-64147-01.
    10/18/2012 10:26:45 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/17/2012 9:49:36 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807898c800, 0x0000000000000001, 0xfffffa8004ac82e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-36722-01.
    10/17/2012 9:45:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
    10/17/2012 9:44:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807834ea00, 0x0000000000000001, 0xfffffa8004a9e2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-31621-01.
    10/17/2012 9:40:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807fca8c00, 0x0000000000000001, 0xfffffa8004b162e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-31871-01.
    10/17/2012 9:35:19 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff880765b1e00, 0x0000000000000001, 0xfffffa8006f1c2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-40809-01.
    10/17/2012 9:25:44 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    10/17/2012 9:20:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2749655).
    10/17/2012 9:20:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2739159).
    10/17/2012 9:20:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2731771).
    10/17/2012 9:20:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2661254).
    10/17/2012 9:20:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Windows 7 for x64-based Systems (KB2743555).
    10/17/2012 9:19:08 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88075316400, 0x0000000000000001, 0xfffffa8006f772e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-41137-01.
    10/17/2012 9:13:51 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807521f600, 0x0000000000000001, 0xfffffa8006f3b2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-35006-01.
    10/17/2012 9:13:22 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..
    10/17/2012 9:10:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88077c36800, 0x0000000000000001, 0xfffffa8006f452e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-37627-01.
    10/17/2012 8:51:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/17/2012 8:49:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88075189400, 0x0000000000000001, 0xfffffa8006f2d2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-50747-01.
    10/17/2012 8:46:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    10/17/2012 8:46:49 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/17/2012 8:31:25 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff800034af4aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-35256-01.
    10/17/2012 8:27:20 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88075347c00, 0x0000000000000001, 0xfffffa8006f0b2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-45115-01.
    10/17/2012 10:15:30 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800037906ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101712-54725-01.
    .
    ==== End Of File ===========================
     
  8. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    DDS (Ver_2012-10-19.01) - NTFS_AMD64 MINIMAL
    Internet Explorer: 9.0.8112.16421
    Run by Deborah A Baines at 22:27:26 on 2012-10-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3107 [GMT -5:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uURLSearchHooks: TVgnome Toolbar: {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll
    mURLSearchHooks: TVgnome Toolbar: {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\MSK\mskapbho.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120509213204.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: TVgnome Toolbar: {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: TVgnome Toolbar: {B2AB0CC4-22F9-47A4-BBAA-A23BD1B30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: TVgnome Toolbar: {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [AutoSave] C:\Program Files (x86)\Avanquest\AutoSaveEssentials\Autosave Essentials.exe
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    StartupFolder: C:\Users\DEBORA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
    StartupFolder: C:\Users\DEBORA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exe
    StartupFolder: C:\Users\DEBORA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MEDAPP~1.LNK - C:\Windows\Installer\{057FC282-826A-41E4-B6D9-9E6BCFD8B8E3}\_11C58EEF5D7511CC7409FC.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NEWSFL~1.LNK - C:\Program Files (x86)\Common Files\MySoftware\Newsflsh.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}\147696E676055726C69636 : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}\265736B6778647D27657563747 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}\2716D6962756A7 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}\4556368602C416260282351647028392 : DHCPNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}\8616D626572776C65627D27657563747 : DHCPNameServer = 76.85.229.110 76.85.229.111
    TCP: Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}\C4C402F46666963656A3021637B60235F6D6D6562756270243020737772746 : DHCPNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{C22CB225-7C34-4F45-8D58-C1DBD1404E25} : DHCPNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
    x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120509213204.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
    x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-25 289664]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-14 55280]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-14 56344]
    S0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2010-10-13 647208]
    S1 AutoSave;AutoSave;C:\Windows\System32\drivers\AutoSave.sys [2009-8-13 36896]
    S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\System32\drivers\mfenlfk.sys [2011-2-25 75936]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    S2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-8 10408]
    S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-1-14 89600]
    S2 Agent;Agent;C:\Windows\agent_x64.exe [2012-4-1 102912]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-11 136176]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-14 13336]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-7 249936]
    S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-7 249936]
    S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-7 249936]
    S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-11-7 249936]
    S2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-25 199272]
    S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-25 210584]
    S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-2-25 162192]
    S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-1-14 1692480]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-1-14 2320920]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-9-10 250056]
    S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-1-14 20984]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-1-14 53800]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-1-14 35104]
    S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-2-25 65264]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-14 172704]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-8 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-11 136176]
    S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-14 158976]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-14 289280]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
    S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-2-25 229528]
    S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-2-25 487296]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-25 100912]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-14 232480]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-1-14 325152]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-10 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-19 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-19 01:01:55 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{A3FF3C13-C69E-47F6-8D77-B3991AF46EB9}
    2012-10-19 00:46:15 20480 ----a-w- C:\Windows\svchost.exe
    2012-10-18 02:19:36 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{F9C9F38C-5E64-41CB-9E26-33959215D7B1}
    2012-10-18 00:49:52 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{2210E145-B398-4B39-8469-D3F36D66E4A5}
    2012-10-11 04:46:17 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{E3961E9D-4385-4AD0-8DD6-4107B5E2E8BE}
    2012-10-11 00:42:31 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D692.tmp
    2012-10-11 00:42:31 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D682.tmp
    2012-10-10 23:04:17 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{F30E7710-7013-45C8-81F5-7366700DCA6C}
    2012-10-07 13:20:42 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{9AD571B1-1C56-45C7-B9FF-9FC05BB85CFB}
    2012-10-07 01:17:57 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{0559C8EA-572B-4F6D-9253-A2E31C3294A8}
    2012-10-06 11:42:01 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{319D4C9F-84CA-4FD1-99D0-93452D6FF74D}
    2012-10-04 23:21:43 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{0BD82A8E-89F7-4D3C-A53C-C1959BD362DB}
    2012-10-03 21:09:06 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{288BDB32-813F-4076-A154-1FC6E614930C}
    2012-10-02 21:07:14 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{D68BF2D4-15DA-418B-B267-6E8E02B0BAED}
    2012-10-02 13:20:50 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{4185DB19-85C7-412A-B951-181577CB66C4}
    2012-10-02 01:20:11 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{DDF2049C-E4EE-4757-B873-652DDC632B0F}
    2012-10-01 02:07:37 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{E38B21A9-806E-45F5-B47F-C86106A94B1C}
    2012-09-30 21:52:30 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{CA771F56-8A0E-40EB-A73B-0BACC5A3F33C}
    2012-09-30 04:14:49 -------- d-----w- C:\Program Files (x86)\bSaving
    2012-09-30 04:05:28 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{2437A9E9-3E5F-426E-B793-2154A2606D23}
    2012-09-29 00:37:30 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{88850BE2-1CCD-4524-810F-D8DFB634B9C8}
    2012-09-26 01:40:37 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{7E107019-72D9-46DD-AAEA-D7B8A4A399D9}
    2012-09-25 01:49:19 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{42E2F4E0-382E-4E25-9EC4-BB98D1E591DB}
    2012-09-24 23:54:10 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{B478F141-A80C-40EC-A24B-A03A72FB2BDD}
    2012-09-23 02:23:30 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{50C8FEAA-B9FC-431D-BB25-85317E266851}
    2012-09-22 14:04:43 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{82232CBD-9474-45E6-8409-6B86EC596098}
    2012-09-22 02:39:17 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{459E72CE-AF3F-40D7-B8A3-6AADA3BB15EE}
    2012-09-21 03:29:11 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{BB4AE6B0-57AF-41A6-9A84-F4F5258F5414}
    2012-09-19 23:59:06 -------- d-----w- C:\Users\Deborah A Baines\AppData\Local\{2075E681-E8BD-4D00-85DA-05347398DA44}
    .
    ==================== Find3M ====================
    .
    2012-09-10 19:32:12 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-10 19:32:12 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    .
    ============= FINISH: 22:28:02.93 ===============
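
The "Created Last 30" section of the DDS log above lists `C:\Windows\svchost.exe`, while the genuine Windows `svchost.exe` lives in `System32` (and `SysWOW64` on 64-bit systems). As an added example (not part of the original thread and not code from DDS), this Python script parses that section, including entries whose columns have run together, and flags core Windows binary names found outside their expected directories. The directory map, function names and sample lines are assumptions constructed for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Expected parent directories (lower-case) for a few core Windows binaries.
# Assumption of this example: a short illustrative map, not a full baseline.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
# Component-store copies under WinSxS are legitimate and are not flagged.
WINSXS_PREFIX = "c:\\windows\\winsxs\\"

# timestamp, size (or 8 dashes for a directory), 8-char attribute field, path.
# \s* between fields accepts both separated and run-together columns.
ENTRY_RE = re.compile(
    r"^\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*"
    r"(?P<size>\d+|-{8})\s*"
    r"(?P<attrs>[-a-z]{8})\s*"
    r"(?P<path>[A-Za-z]:\\.+?)\s*$"
)


class Entry(NamedTuple):
    timestamp: str
    size: Optional[int]  # None for directories
    is_dir: bool
    path: str


def parse_entries(text: str) -> List[Entry]:
    """Return every file/directory entry found in a DDS-style listing."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # section headers, '.' separators, other log sections
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(
            Entry(m["ts"], size, m["attrs"].startswith("d"), m["path"])
        )
    return entries


def misplaced_system_binaries(entries: List[Entry]) -> List[Entry]:
    """Flag files named like core Windows binaries but stored elsewhere."""
    hits = []
    for entry in entries:
        if entry.is_dir:
            continue
        path = ntpath.normcase(ntpath.normpath(entry.path))
        expected = EXPECTED_DIRS.get(ntpath.basename(path))
        if expected is None or path.startswith(WINSXS_PREFIX):
            continue
        if ntpath.dirname(path) not in expected:
            hits.append(entry)
    return hits


# Constructed sample in the DDS layout. The C:\Windows\svchost.exe line mirrors
# the entry in the log above; all other lines, sizes and the GUID are made up.
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-10-19 01:01:55--------d-----w-C:\Users\user\AppData\Local\{00000000-0000-0000-0000-000000000000}
2012-10-19 00:46:1520480----a-w-C:\Windows\svchost.exe
2012-10-11 00:42:31 5632 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\D692.tmp
2012-10-09 10:00:00 27136 ----a-w- C:\Windows\System32\svchost.exe
2012-10-09 10:00:01 20992 ----a-w- C:\Windows\SysWOW64\svchost.exe
2012-10-09 10:00:02 31232 ----a-w- C:\Users\user\AppData\Roaming\lsass.exe
"""

if __name__ == "__main__":
    for hit in misplaced_system_binaries(parse_entries(SAMPLE_LOG)):
        print(f"{hit.timestamp}  {hit.size:>8}  {hit.path}")
```

A hit is a lead for closer inspection (signature, hash, parent process), not a verdict by itself.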
     
  9. Broni

    Broni Malware Annihilator Posts: 46,861   +254

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  10. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    19:22:34.0148 1992 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
    19:22:34.0319 1992 ============================================================
    19:22:34.0319 1992 Current date / time: 2012/10/19 19:22:34.0319
    19:22:34.0319 1992 SystemInfo:
    19:22:34.0319 1992
    19:22:34.0319 1992 OS Version: 6.1.7601 ServicePack: 1.0
    19:22:34.0319 1992 Product type: Workstation
    19:22:34.0319 1992 ComputerName: DEBORAHABAINES
    19:22:34.0319 1992 UserName: Deborah A Baines
    19:22:34.0319 1992 Windows directory: C:\Windows
    19:22:34.0319 1992 System windows directory: C:\Windows
    19:22:34.0319 1992 Running under WOW64
    19:22:34.0319 1992 Processor architecture: Intel x64
    19:22:34.0319 1992 Number of processors: 4
    19:22:34.0319 1992 Page size: 0x1000
    19:22:34.0319 1992 Boot type: Safe boot
    19:22:34.0319 1992 ============================================================
    19:22:35.0442 1992 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:22:35.0442 1992 Drive \Device\Harddisk1\DR1 - Size: 0xF2300000 (3.78 Gb), SectorSize: 0x200, Cylinders: 0x1ED, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    19:22:35.0442 1992 ============================================================
    19:22:35.0442 1992 \Device\Harddisk0\DR0:
    19:22:35.0442 1992 MBR partitions:
    19:22:35.0442 1992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    19:22:35.0442 1992 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
    19:22:35.0442 1992 \Device\Harddisk1\DR1:
    19:22:35.0442 1992 MBR partitions:
    19:22:35.0442 1992 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x78F880
    19:22:35.0442 1992 ============================================================
    19:22:35.0458 1992 C: <-> \Device\Harddisk0\DR0\Partition2
    19:22:35.0458 1992 ============================================================
    19:22:35.0458 1992 Initialize success
    19:22:35.0458 1992 ============================================================
    19:22:39.0639 2024 ============================================================
    19:22:39.0639 2024 Scan started
    19:22:39.0639 2024 Mode: Manual;
    19:22:39.0639 2024 ============================================================
    19:22:40.0138 2024 ================ Scan system memory ========================
    19:22:40.0138 2024 System memory - ok
    19:22:40.0138 2024 ================ Scan services =============================
    19:22:40.0372 2024 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:22:40.0372 2024 1394ohci - ok
    19:22:40.0466 2024 [ 426E0E8127BAC7D5DDEE8251F104E053 ] AbsoluteNotifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
    19:22:40.0466 2024 AbsoluteNotifier - ok
    19:22:40.0512 2024 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:22:40.0512 2024 ACPI - ok
    19:22:40.0559 2024 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:22:40.0559 2024 AcpiPmi - ok
    19:22:40.0715 2024 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:22:40.0762 2024 AdobeFlashPlayerUpdateSvc - ok
    19:22:40.0824 2024 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:22:40.0840 2024 adp94xx - ok
    19:22:40.0887 2024 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:22:40.0887 2024 adpahci - ok
    19:22:40.0934 2024 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:22:40.0949 2024 adpu320 - ok
    19:22:40.0980 2024 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:22:40.0996 2024 AeLookupSvc - ok
    19:22:41.0090 2024 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
    19:22:41.0090 2024 AESTFilters - ok
    19:22:41.0168 2024 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:22:41.0168 2024 AFD - ok
    19:22:41.0214 2024 [ 6953D8D79A275EAD9DA145982981236B ] Agent C:\Windows\agent_x64.exe
    19:22:41.0214 2024 Agent - ok
    19:22:41.0261 2024 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:22:41.0261 2024 agp440 - ok
    19:22:41.0292 2024 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:22:41.0292 2024 ALG - ok
    19:22:41.0604 2024 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:22:41.0604 2024 aliide - ok
    19:22:41.0698 2024 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:22:41.0698 2024 amdide - ok
    19:22:41.0729 2024 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:22:41.0729 2024 AmdK8 - ok
    19:22:41.0729 2024 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:22:41.0745 2024 AmdPPM - ok
    19:22:41.0792 2024 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    19:22:41.0792 2024 amdsata - ok
    19:22:41.0823 2024 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:22:41.0823 2024 amdsbs - ok
    19:22:41.0854 2024 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    19:22:41.0854 2024 amdxata - ok
    19:22:41.0901 2024 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:22:41.0901 2024 AppID - ok
    19:22:41.0932 2024 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:22:41.0932 2024 AppIDSvc - ok
    19:22:41.0979 2024 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:22:41.0979 2024 Appinfo - ok
    19:22:42.0088 2024 [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:22:42.0104 2024 Apple Mobile Device - ok
    19:22:42.0150 2024 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:22:42.0150 2024 arc - ok
    19:22:42.0166 2024 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:22:42.0166 2024 arcsas - ok
    19:22:42.0197 2024 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:22:42.0197 2024 AsyncMac - ok
    19:22:42.0244 2024 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:22:42.0244 2024 atapi - ok
    19:22:42.0291 2024 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:22:42.0306 2024 AudioEndpointBuilder - ok
    19:22:42.0322 2024 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    19:22:42.0322 2024 AudioSrv - ok
    19:22:42.0431 2024 [ FB0DA46CD04E1A0EF3FE86D6E7C6C371 ] AutoSave C:\Windows\system32\DRIVERS\AutoSave.sys
    19:22:42.0431 2024 AutoSave - ok
    19:22:42.0494 2024 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    19:22:42.0494 2024 AxInstSV - ok
    19:22:42.0556 2024 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    19:22:42.0572 2024 b06bdrv - ok
    19:22:42.0634 2024 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:22:42.0650 2024 b57nd60a - ok
    19:22:42.0696 2024 [ AC4E2D84DE54CD3A013AEFF0CC56095C ] BCM42RLY C:\Windows\system32\drivers\BCM42RLY.sys
    19:22:42.0696 2024 BCM42RLY - ok
    19:22:42.0774 2024 [ 8B5D16D20774FC3727F44E161BE2C0AC ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    19:22:42.0837 2024 BCM43XX - ok
    19:22:42.0946 2024 [ D224B2E6BB543F1D8F1177D57FEC2950 ] BcmVWL C:\Windows\system32\DRIVERS\bcmvwl64.sys
    19:22:42.0946 2024 BcmVWL - ok
    19:22:42.0962 2024 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    19:22:42.0962 2024 BDESVC - ok
    19:22:43.0040 2024 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    19:22:43.0040 2024 Beep - ok
    19:22:43.0118 2024 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    19:22:43.0118 2024 BFE - ok
    19:22:43.0227 2024 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    19:22:43.0289 2024 BITS - ok
    19:22:43.0320 2024 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    19:22:43.0320 2024 blbdrive - ok
    19:22:43.0398 2024 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    19:22:43.0414 2024 Bonjour Service - ok
    19:22:43.0476 2024 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    19:22:43.0476 2024 bowser - ok
    19:22:43.0539 2024 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    19:22:43.0539 2024 BrFiltLo - ok
    19:22:43.0554 2024 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    19:22:43.0554 2024 BrFiltUp - ok
    19:22:43.0586 2024 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    19:22:43.0586 2024 Browser - ok
     
  11. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    19:22:55.0644 2024 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:22:55.0644 2024 RDPREFMP - ok
    19:22:55.0676 2024 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:22:55.0691 2024 RDPWD - ok
    19:22:55.0754 2024 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:22:55.0754 2024 rdyboost - ok
    19:22:55.0769 2024 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:22:55.0769 2024 RemoteAccess - ok
    19:22:55.0800 2024 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:22:55.0800 2024 RemoteRegistry - ok
    19:22:55.0847 2024 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    19:22:55.0847 2024 RFCOMM - ok
    19:22:55.0894 2024 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:22:55.0894 2024 RpcEptMapper - ok
    19:22:55.0910 2024 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    19:22:55.0910 2024 RpcLocator - ok
    19:22:55.0956 2024 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    19:22:55.0972 2024 RpcSs - ok
    19:22:56.0003 2024 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:22:56.0003 2024 rspndr - ok
    19:22:56.0081 2024 [ 30F463768D5143BFD7B2DF822B53CF4D ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    19:22:56.0081 2024 RSUSBSTOR - ok
    19:22:56.0128 2024 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    19:22:56.0128 2024 RTL8167 - ok
    19:22:56.0144 2024 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    19:22:56.0144 2024 SamSs - ok
    19:22:56.0190 2024 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:22:56.0190 2024 sbp2port - ok
    19:22:56.0222 2024 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:22:56.0222 2024 SCardSvr - ok
    19:22:56.0268 2024 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:22:56.0268 2024 scfilter - ok
    19:22:56.0331 2024 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    19:22:56.0346 2024 Schedule - ok
    19:22:56.0393 2024 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:22:56.0393 2024 SCPolicySvc - ok
    19:22:56.0440 2024 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:22:56.0440 2024 SDRSVC - ok
    19:22:56.0518 2024 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    19:22:56.0518 2024 SeaPort - ok
    19:22:56.0596 2024 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:22:56.0596 2024 secdrv - ok
    19:22:56.0627 2024 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    19:22:56.0627 2024 seclogon - ok
    19:22:56.0658 2024 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    19:22:56.0658 2024 SENS - ok
    19:22:56.0705 2024 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:22:56.0705 2024 SensrSvc - ok
    19:22:56.0768 2024 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:22:56.0768 2024 Serenum - ok
    19:22:56.0799 2024 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:22:56.0799 2024 Serial - ok
    19:22:56.0830 2024 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    19:22:56.0830 2024 sermouse - ok
    19:22:56.0924 2024 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    19:22:56.0924 2024 SessionEnv - ok
    19:22:56.0970 2024 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:22:56.0970 2024 sffdisk - ok
    19:22:56.0986 2024 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:22:56.0986 2024 sffp_mmc - ok
    19:22:57.0002 2024 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:22:57.0002 2024 sffp_sd - ok
    19:22:57.0048 2024 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    19:22:57.0048 2024 sfloppy - ok
    19:22:57.0158 2024 [ 74EC60E20516AAA573BE74F31175270F ] SftService C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    19:22:57.0204 2024 SftService - ok
    19:22:57.0251 2024 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:22:57.0267 2024 SharedAccess - ok
    19:22:57.0298 2024 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:22:57.0298 2024 ShellHWDetection - ok
    19:22:57.0314 2024 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:22:57.0329 2024 SiSRaid2 - ok
    19:22:57.0329 2024 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    19:22:57.0329 2024 SiSRaid4 - ok
    19:22:57.0345 2024 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:22:57.0345 2024 Smb - ok
    19:22:57.0392 2024 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:22:57.0392 2024 SNMPTRAP - ok
    19:22:57.0407 2024 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    19:22:57.0407 2024 spldr - ok
    19:22:57.0454 2024 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    19:22:57.0454 2024 Spooler - ok
    19:22:57.0548 2024 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    19:22:57.0610 2024 sppsvc - ok
    19:22:57.0657 2024 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:22:57.0657 2024 sppuinotify - ok
    19:22:57.0704 2024 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:22:57.0704 2024 srv - ok
    19:22:57.0750 2024 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:22:57.0750 2024 srv2 - ok
    19:22:57.0813 2024 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:22:57.0813 2024 srvnet - ok
    19:22:57.0860 2024 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:22:57.0860 2024 SSDPSRV - ok
    19:22:57.0875 2024 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:22:57.0875 2024 SstpSvc - ok
    19:22:57.0922 2024 [ 463E33B1EA7AF1E6EB87B66B831DB41A ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    19:22:57.0922 2024 STacSV - ok
    19:22:57.0938 2024 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    19:22:57.0953 2024 stexstor - ok
    19:22:58.0000 2024 [ 4304B75094E106FB5423A290C95841E5 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    19:22:58.0000 2024 STHDA - ok
    19:22:58.0047 2024 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    19:22:58.0047 2024 stisvc - ok
    19:22:58.0078 2024 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    19:22:58.0078 2024 swenum - ok
    19:22:58.0140 2024 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    19:22:58.0140 2024 swprv - ok
    19:22:58.0187 2024 [ 8A3FBCB3D6D4710730D27DA4392A4863 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    19:22:58.0187 2024 SynTP - ok
    19:22:58.0265 2024 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    19:22:58.0296 2024 SysMain - ok
    19:22:58.0343 2024 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:22:58.0343 2024 TabletInputService - ok
    19:22:58.0374 2024 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:22:58.0374 2024 TapiSrv - ok
    19:22:58.0406 2024 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    19:22:58.0406 2024 TBS - ok
    19:22:58.0484 2024 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:22:58.0515 2024 Tcpip - ok
    19:22:58.0562 2024 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:22:58.0577 2024 TCPIP6 - ok
    19:22:58.0608 2024 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:22:58.0608 2024 tcpipreg - ok
    19:22:58.0655 2024 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:22:58.0655 2024 TDPIPE - ok
    19:22:58.0702 2024 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:22:58.0702 2024 TDTCP - ok
    19:22:58.0749 2024 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:22:58.0749 2024 tdx - ok
    19:22:58.0796 2024 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    19:22:58.0796 2024 TermDD - ok
    19:22:58.0827 2024 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    19:22:58.0842 2024 TermService - ok
    19:22:58.0858 2024 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    19:22:58.0858 2024 Themes - ok
    19:22:58.0858 2024 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    19:22:58.0874 2024 THREADORDER - ok
    19:22:58.0874 2024 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    19:22:58.0889 2024 TrkWks - ok
    19:22:58.0952 2024 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:22:58.0952 2024 TrustedInstaller - ok
    19:22:58.0983 2024 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:22:58.0983 2024 tssecsrv - ok
    19:22:59.0045 2024 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    19:22:59.0045 2024 TsUsbFlt - ok
    19:22:59.0108 2024 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:22:59.0108 2024 tunnel - ok
    19:22:59.0154 2024 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    19:22:59.0154 2024 uagp35 - ok
    19:22:59.0186 2024 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:22:59.0201 2024 udfs - ok
    19:22:59.0232 2024 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:22:59.0232 2024 UI0Detect - ok
    19:22:59.0248 2024 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:22:59.0248 2024 uliagpkx - ok
    19:22:59.0295 2024 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    19:22:59.0295 2024 umbus - ok
    19:22:59.0326 2024 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    19:22:59.0326 2024 UmPass - ok
    19:22:59.0451 2024 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    19:22:59.0498 2024 UNS - ok
    19:22:59.0544 2024 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    19:22:59.0544 2024 upnphost - ok
    19:22:59.0591 2024 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    19:22:59.0607 2024 USBAAPL64 - ok
    19:22:59.0685 2024 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:22:59.0685 2024 usbccgp - ok
    19:22:59.0747 2024 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:22:59.0747 2024 usbcir - ok
    19:22:59.0810 2024 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
    19:22:59.0810 2024 usbehci - ok
    19:22:59.0856 2024 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:22:59.0856 2024 usbhub - ok
    19:22:59.0919 2024 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    19:22:59.0919 2024 usbohci - ok
    19:22:59.0950 2024 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    19:22:59.0950 2024 usbprint - ok
    19:22:59.0997 2024 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    19:22:59.0997 2024 usbscan - ok
    19:23:00.0012 2024 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:23:00.0012 2024 USBSTOR - ok
    19:23:00.0028 2024 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    19:23:00.0028 2024 usbuhci - ok
    19:23:00.0090 2024 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    19:23:00.0090 2024 usbvideo - ok
    19:23:00.0122 2024 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    19:23:00.0137 2024 UxSms - ok
    19:23:00.0137 2024 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    19:23:00.0137 2024 VaultSvc - ok
    19:23:00.0200 2024 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    19:23:00.0200 2024 vdrvroot - ok
    19:23:00.0246 2024 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    19:23:00.0262 2024 vds - ok
    19:23:00.0309 2024 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:23:00.0309 2024 vga - ok
    19:23:00.0324 2024 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:23:00.0324 2024 VgaSave - ok
    19:23:00.0387 2024 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    19:23:00.0387 2024 vhdmp - ok
    19:23:00.0402 2024 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    19:23:00.0402 2024 viaide - ok
    19:23:00.0449 2024 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:23:00.0449 2024 volmgr - ok
    19:23:00.0496 2024 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:23:00.0496 2024 volmgrx - ok
    19:23:00.0527 2024 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:23:00.0527 2024 volsnap - ok
    19:23:00.0558 2024 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    19:23:00.0558 2024 vsmraid - ok
    19:23:00.0636 2024 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    19:23:00.0668 2024 VSS - ok
    19:23:00.0683 2024 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    19:23:00.0683 2024 vwifibus - ok
    19:23:00.0730 2024 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    19:23:00.0730 2024 vwififlt - ok
    19:23:00.0777 2024 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    19:23:00.0777 2024 vwifimp - ok
    19:23:00.0792 2024 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    19:23:00.0808 2024 W32Time - ok
    19:23:00.0824 2024 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    19:23:00.0824 2024 WacomPen - ok
    19:23:00.0870 2024 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    19:23:00.0870 2024 WANARP - ok
    19:23:00.0902 2024 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:23:00.0902 2024 Wanarpv6 - ok
    19:23:00.0964 2024 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    19:23:00.0995 2024 WatAdminSvc - ok
    19:23:01.0058 2024 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    19:23:01.0089 2024 wbengine - ok
    19:23:01.0104 2024 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    19:23:01.0104 2024 WbioSrvc - ok
    19:23:01.0151 2024 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:23:01.0151 2024 wcncsvc - ok
    19:23:01.0167 2024 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:23:01.0167 2024 WcsPlugInService - ok
    19:23:01.0198 2024 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    19:23:01.0198 2024 Wd - ok
    19:23:01.0229 2024 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:23:01.0245 2024 Wdf01000 - ok
    19:23:01.0245 2024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:23:01.0260 2024 WdiServiceHost - ok
    19:23:01.0260 2024 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:23:01.0260 2024 WdiSystemHost - ok
    19:23:01.0276 2024 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    19:23:01.0276 2024 WebClient - ok
    19:23:01.0292 2024 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:23:01.0307 2024 Wecsvc - ok
    19:23:01.0307 2024 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:23:01.0323 2024 wercplsupport - ok
    19:23:01.0354 2024 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:23:01.0370 2024 WerSvc - ok
    19:23:01.0416 2024 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    19:23:01.0416 2024 WfpLwf - ok
    19:23:01.0479 2024 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
    19:23:01.0479 2024 WimFltr - ok
    19:23:01.0494 2024 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    19:23:01.0494 2024 WIMMount - ok
    19:23:01.0510 2024 WinDefend - ok
    19:23:01.0510 2024 WinHttpAutoProxySvc - ok
    19:23:01.0557 2024 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:23:01.0572 2024 Winmgmt - ok
    19:23:01.0650 2024 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    19:23:01.0697 2024 WinRM - ok
    19:23:01.0822 2024 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    19:23:01.0822 2024 WinUsb - ok
    19:23:01.0869 2024 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:23:01.0884 2024 Wlansvc - ok
    19:23:01.0931 2024 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    19:23:01.0947 2024 wlcrasvc - ok
    19:23:02.0072 2024 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:23:02.0118 2024 wlidsvc - ok
    19:23:02.0150 2024 [ DE816A0624D54D68E1FB8A9028DCF81A ] wltrysvc C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    19:23:02.0165 2024 wltrysvc - ok
    19:23:02.0196 2024 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    19:23:02.0196 2024 WmiAcpi - ok
    19:23:02.0228 2024 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:23:02.0228 2024 wmiApSrv - ok
    19:23:02.0259 2024 WMPNetworkSvc - ok
    19:23:02.0290 2024 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:23:02.0290 2024 WPCSvc - ok
    19:23:02.0337 2024 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:23:02.0352 2024 WPDBusEnum - ok
    19:23:02.0384 2024 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:23:02.0384 2024 ws2ifsl - ok
    19:23:02.0399 2024 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    19:23:02.0399 2024 wscsvc - ok
    19:23:02.0399 2024 WSearch - ok
    19:23:02.0493 2024 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    19:23:02.0540 2024 wuauserv - ok
    19:23:02.0555 2024 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:23:02.0555 2024 WudfPf - ok
    19:23:02.0602 2024 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:23:02.0602 2024 WUDFRd - ok
    19:23:02.0633 2024 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:23:02.0633 2024 wudfsvc - ok
    19:23:02.0664 2024 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    19:23:02.0664 2024 WwanSvc - ok
    19:23:02.0711 2024 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    19:23:02.0711 2024 yukonw7 - ok
    19:23:02.0742 2024 ================ Scan global ===============================
    19:23:02.0789 2024 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    19:23:02.0836 2024 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:23:02.0836 2024 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    19:23:02.0883 2024 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    19:23:02.0930 2024 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    19:23:02.0930 2024 [Global] - ok
    19:23:02.0930 2024 ================ Scan MBR ==================================
    19:23:02.0961 2024 [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
    19:23:02.0961 2024 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    19:23:03.0023 2024 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    19:23:03.0023 2024 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    19:23:03.0023 2024 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR1
    19:23:03.0460 2024 \Device\Harddisk1\DR1 - ok
    19:23:03.0460 2024 ================ Scan VBR ==================================
    19:23:03.0460 2024 [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
    19:23:03.0460 2024 \Device\Harddisk0\DR0\Partition1 - ok
    19:23:03.0476 2024 [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
    19:23:03.0476 2024 \Device\Harddisk0\DR0\Partition2 - ok
    19:23:03.0476 2024 [ 2005861E1582E9881F7328AC05352B91 ] \Device\Harddisk1\DR1\Partition1
    19:23:03.0476 2024 \Device\Harddisk1\DR1\Partition1 - ok
    19:23:03.0476 2024 ============================================================
    19:23:03.0476 2024 Scan finished
    19:23:03.0476 2024 ============================================================
    19:23:03.0616 2016 Detected object count: 1
    19:23:03.0616 2016 Actual detected object count: 1
    19:23:20.0636 2016 \Device\Harddisk0\DR0\# - copied to quarantine
    19:23:20.0636 2016 \Device\Harddisk0\DR0 - copied to quarantine
    19:23:20.0714 2016 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    19:23:20.0714 2016 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    19:23:20.0729 2016 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    19:23:20.0729 2016 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    19:23:20.0745 2016 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    19:23:20.0760 2016 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    19:23:20.0760 2016 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    19:23:20.0760 2016 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    19:23:20.0760 2016 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    19:23:20.0760 2016 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    19:23:20.0760 2016 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    19:23:20.0776 2016 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    19:23:20.0776 2016 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    19:23:20.0807 2016 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    19:23:20.0838 2016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    19:23:20.0838 2016 \Device\Harddisk0\DR0 - ok
    19:23:21.0041 2016 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    19:23:26.0376 1988 Deinitialize success
     
     
  12. Broni

    Broni Malware Annihilator Posts: 46,861   +254

    Good :)

    Re-run MBAM and post new log.

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  13. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.23.07

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
    Internet Explorer 9.0.8112.16421
    Deborah A Baines :: DEBORAHABAINES [administrator]

    10/19/2012 11:33:45 PM
    mbam-log-2012-10-19 (23-33-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 203131
    Time elapsed: 5 minute(s), 39 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  14. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : Deborah A Baines [Admin rights]
    Mode : Scan -- Date : 10/19/2012 23:49:35
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][BLPATH] HKLM\[...]\Wow6432Node\RunOnce : AD09707F-22FA-49E8-B87F-2A68DB945CB0 (cmd.exe /C start /D "C:\Users\DEBORA~1\AppData\Local\Temp" /B AD09707F-22FA-49E8-B87F-2A68DB945CB0.exe -postboot) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
    --- User ---
    [MBR] 4d4a553e573f523dcd45eb0637c5eade
    [BSP] b75cfbc35e8fe26bc27080129c69379c : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
    --- User ---
    [MBR] 379dc06f33a6de084c780f0932a18fda
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3871 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[1].txt >>
    RKreport[1].txt
    RogueKiller V8.1.1 [10/01/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com
    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Safe mode
    User : Deborah A Baines [Admin rights]
    Mode : Remove -- Date : 10/19/2012 23:50:08
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][BLPATH] HKLM\[...]\Wow6432Node\RunOnce : AD09707F-22FA-49E8-B87F-2A68DB945CB0 (cmd.exe /C start /D "C:\Users\DEBORA~1\AppData\Local\Temp" /B AD09707F-22FA-49E8-B87F-2A68DB945CB0.exe -postboot) -> DELETED
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED] ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts
    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000BEVT-75A0RT0 +++++
    --- User ---
    [MBR] 4d4a553e573f523dcd45eb0637c5eade
    [BSP] b75cfbc35e8fe26bc27080129c69379c : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 461838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: TOSHIBA TransMemory USB Device +++++
    --- User ---
    [MBR] 379dc06f33a6de084c780f0932a18fda
    [BSP] ef3177ea6997481f5647d45aa222b26f : MBR Code unknown
    Partition table:
    0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 3871 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR!
    Finished : << RKreport[2].txt >>
    RKreport[1].txt ; RKreport[2].txt
     
  15. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-10-19 23:51:04
    -----------------------------
    23:51:04.497 OS Version: Windows x64 6.1.7601 Service Pack 1
    23:51:04.497 Number of processors: 4 586 0x2505
    23:51:04.497 ComputerName: DEBORAHABAINES UserName:
    23:51:05.792 Initialize success
    23:51:10.019 AVAST engine download error: 0
    23:51:21.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:51:21.517 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
    23:51:21.532 Disk 0 MBR read successfully
    23:51:21.532 Disk 0 MBR scan
    23:51:21.532 Disk 0 Windows 7 default MBR code
    23:51:21.548 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
    23:51:21.563 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
    23:51:21.595 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
    23:51:21.610 Disk 0 scanning C:\Windows\system32\drivers
    23:51:31.610 Service scanning
    23:52:42.013 Modules scanning
    23:52:42.013 Disk 0 trace - called modules:
    23:52:42.028 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    23:52:42.028 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b73060]
    23:52:42.044 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004944050]
    23:52:42.044 Scan finished successfully
    23:53:06.895 Disk 0 MBR has been saved successfully to "C:\Users\Deborah A Baines\Desktop\MBR.dat"
    23:53:06.926 The log file has been saved successfully to "C:\Users\Deborah A Baines\Desktop\aswMBR.txt"
     
  16. Broni

    Broni Malware Annihilator Posts: 46,861   +254

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    Note: I completely uninstalled McAfee and Combofix still showed that it was running. I ran combofix anyway, pretty sure McAfee was not running.


    Log:

    ComboFix 12-10-21.01 - Deborah A Baines 10/21/2012 9:19.1.4 - x64 MINIMAL
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.3137 [GMT -5:00]
    Running from: c:\users\Deborah A Baines\Desktop\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Microsoft\Windows\DRM\D682.tmp
    c:\programdata\Microsoft\Windows\DRM\D692.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-21 14:29 . 2012-10-21 14:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-20 00:23 . 2012-10-20 00:23 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-09-30 04:14 . 2012-10-18 02:11 -------- d-----w- c:\program files (x86)\bSaving
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-10 19:32 . 2012-09-10 18:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-09-10 19:32 . 2011-06-16 01:45 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-24 00:47 . 2011-02-19 21:07 62134624 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    "{b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427}"= "c:\program files (x86)\TVgnome\prxtbTVgn.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427}]
    2011-01-17 21:54 175912 ----a-w- c:\program files (x86)\TVgnome\prxtbTVgn.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2011-08-24 03:20 1515688 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427}"= "c:\program files (x86)\TVgnome\prxtbTVgn.dll" [2011-01-17 175912]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
    .
    [HKEY_CLASSES_ROOT\clsid\{b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427}]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AutoSave"="c:\program files (x86)\Avanquest\AutoSaveEssentials\Autosave Essentials.exe" [2010-12-03 1934592]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
    "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
    "Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2010-10-08 86184]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-30 296056]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-07 559616]
    "Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-04-04 1082440]
    .
    c:\users\Deborah A Baines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    Microsoft HealthVault Connection Center.lnk - c:\program files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exe [2010-7-29 2234232]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
    MedApps Device Monitor.lnk - c:\windows\Installer\{057FC282-826A-41E4-B6D9-9E6BCFD8B8E3}\_11C58EEF5D7511CC7409FC.exe [2011-3-26 10134]
    Newsflash.lnk - c:\program files (x86)\Common Files\MySoftware\Newsflsh.exe [2011-5-30 233472]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R1 AutoSave;AutoSave;c:\windows\system32\DRIVERS\AutoSave.sys [2009-08-13 36896]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    R2 0099671350828685mcinstcleanup;McAfee Application Installer Cleanup (0099671350828685);c:\users\DEBORA~1\AppData\Local\Temp\009967~1.EXE [x]
    R2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2010-10-08 10408]
    R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    R2 Agent;Agent;c:\windows\agent_x64.exe [2011-08-24 102912]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-06-08 13336]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 250056]
    R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-03 20984]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-03-30 53800]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-30 35104]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 136176]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-08-30 289280]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-03-17 232480]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-17 325152]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-19 1255736]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 19:32]
    .
    2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 15:49]
    .
    2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-11 15:49]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
    "Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Trusted Zone: intuit.com\ttlc
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-22178229.sys
    HKLM_Wow6432Node-ActiveSetup-Neat ADF Scanner 2008 - reg copy HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008 HKCU\Software\The Neat Company\Neat ADF Scanner 2008
    WebBrowser-{B2AB0CC4-22F9-47A4-BBAA-A23BD1B30427} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-21 09:32:06
    ComboFix-quarantined-files.txt 2012-10-21 14:32
    .
    Pre-Run: 358,498,852,864 bytes free
    Post-Run: 359,692,406,784 bytes free
    .
    - - End Of File - - 9AB6F6ADEDB1E83EE60D4113786DCFA3
     
  18. Broni

    Broni Malware Annihilator Posts: 46,861   +254

    You didn't have to uninstall McAfee in order to run Combofix.
    You can reinstall it now.

    Any current issues?

    =============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  19. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    I uninstalled it because the defs were way out of date so I was going to replace it with Avast after getting this virus fixed.

    Logs:

    OTL Extras logfile created on: 10/21/2012 4:07:42 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deborah A Baines\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 85.26% Memory free
    7.61 Gb Paging File | 7.06 Gb Available in Paging File | 92.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 335.15 Gb Free Space | 74.31% Space Free | Partition Type: NTFS
    Drive E: | 3.77 Gb Total Space | 3.00 Gb Free Space | 79.65% Space Free | Partition Type: FAT32

    Computer Name: DEBORAHABAINES | User Name: Deborah A Baines | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0295B27C-F45F-4132-94FB-A7806CC7200A}" = rport=445 | protocol=6 | dir=out | app=system |
    "{18DE9062-DEF3-4487-9A31-ED965225F922}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2F7AC376-456E-43F5-BD99-72BF90CFB329}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{47C13397-509D-45C2-84AD-B84C2A33302F}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{5A92C71B-106B-4B3F-9C7D-32AC647016DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{61B2732A-E415-42ED-9433-13942B11B926}" = rport=137 | protocol=17 | dir=out | app=system |
    "{68082779-BF9A-40BD-A148-C7FCB0A01A4C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{682FFD44-4945-40BE-A06F-459D25BF945F}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6D014D8B-EF61-471B-9E52-99FB59C102EC}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |
    "{725AC560-BEA7-4117-814D-087D82A09B0C}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |
    "{78E99D2D-338E-449D-8877-DA1E546C496E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{9172A07F-64B3-497C-8916-B3A60B51D7C8}" = rport=139 | protocol=6 | dir=out | app=system |
    "{95C4878F-B00B-4D76-8293-42841CEC6300}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{96039556-673C-4911-B6F2-0B6F9AB17960}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{980E1072-9F98-43B4-A83E-E8FED1050BAA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{AAB5A8A9-3094-4052-94C0-06B3EC61EC99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{B4CE48C9-40D0-4F2E-840F-00B6A90EA8D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B7346D5F-877C-401B-B32A-BC58F83B9B04}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C587428B-C13B-448B-962B-4A737EF28EE4}" = lport=139 | protocol=6 | dir=in | app=system |
    "{C7A0463B-59C9-48B0-B88F-19ED3352CB04}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C8FA53B9-7AC7-43F6-BA74-2278B89BF45A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{CDBB93FD-5AAE-4538-80DC-58E2D113223D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{D293F2E6-1582-463C-9EAA-9DC1EB162DA9}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D6BBFBC9-630A-4D97-88B2-FCE408F06D98}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{DE8F27ED-9BC0-4A47-ACE5-19B2BDCAD7FE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{EFC1D526-2BB0-4A31-96EB-EBAD12F03D9D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F17B872A-E47D-4A3B-BD6E-C7C7DA6C5F69}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{FAE5CD48-2024-418E-ACD9-FE777E49A7FA}" = rport=138 | protocol=17 | dir=out | app=system |
    "{FE770A51-C10B-4FA4-8895-0739B3654959}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004DC803-F9FB-43C3-99EA-893723E04A48}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{0894BD66-34DE-444A-99B3-DF84C3AE88A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{18A1894C-32E7-4809-8D8B-89A05D8EDDF9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1B574851-4E29-4356-A033-2641B6432962}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{23E54129-79FD-4BF2-8849-9AD14E52D283}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{24B65F87-2433-4C3E-AE39-8B392153C5C3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2C717E79-4D7A-4B81-B8ED-9A01C718AC61}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{49FE7784-146B-4479-AE98-8A65C56363C9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4FBF3431-7FA3-44F4-A51B-1454017EA077}" = protocol=6 | dir=out | app=system |
    "{5409521E-8B37-4D83-A796-D56B2FF159BA}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{56F515DA-BAD8-49DC-BE15-B3C7D129578C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{6EF79475-531E-49BB-9446-0FE027B45812}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{72DFFCCA-5050-4E46-A261-31D6ADC414A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7AA25298-556A-48B5-A09D-6041D8ADDFD5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{8377CBDF-1553-4B1D-A8EE-0B1C1EF2058A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{94847F4A-9050-4AEA-94CA-14B43F0CD34E}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe |
    "{9857A7E1-5E31-44CB-BDB7-D09CEB826B21}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{9B1B80C1-3B46-4341-BF53-F85137028528}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{9F9FA1C9-A86A-4795-800D-6072C95DDBD1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{A9F9BBB4-71A2-4599-A936-AE4F913B2BE2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{B3F44B1B-2FFF-49B7-893B-CE7203ABD005}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{B99CD6D7-3D41-443B-BE0A-94E30413CC78}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{BB45A373-AB00-4B98-8D90-0B02021CBC17}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe |
    "{C3E00B75-E82F-4A9F-8B68-D221EF6DB1BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C604A97B-7153-4BE0-91FA-88589318BFC4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{CE3E1259-AD32-4413-98F3-CDED3005F917}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{CEA52542-8AA2-463E-A522-493876B17BF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D13B486B-B812-47FB-AC93-9F554D546E84}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{D791BAA5-D256-4A99-9EF8-99CBA4187519}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E3AA8C9E-2CB2-4DC3-8867-DC1EF6B891EF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E7C47114-2C0A-4959-A0A9-26084629DC8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EDCBDF99-C74A-4C70-99E1-F05C35608AAD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EE9C2429-8649-4B22-A19C-5A61DB0FF023}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F0C28C0A-66D3-46E8-B807-9AA2C37D4801}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F35C2536-F5B0-426D-B3E4-00575403652D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FBC18A49-9816-4A90-8BE0-2A8AFB983913}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{FE096866-808C-44F5-9D49-97413F4954BE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{FF52067D-4700-4F3C-90F2-56F89B6C0F03}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{057FC282-826A-41E4-B6D9-9E6BCFD8B8E3}" = HoMedics or Walgreens Blood Pressure Monitor v2.2.9
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{237E305C-B625-466A-88CE-1E121BF4FDB1}" = Send To Neat
    "{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7EA2D88A-C8B7-4102-8644-0A437B6FC143}" = Neat Mobile Scanner Driver
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}" = Neat ADF Scanner 2008 Driver
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}" = Neat ADF Scanner Driver
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
    "{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}" = Neat Mobile Scanner (Silver) Driver
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}" = Neat Mobile Scanner 2008 Driver
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
    "AF09E130E2FD4D1BEFD1B9132AE624BAE0364719" = Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth (03/24/2010 6.3.0.2501)
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "PC-Doctor for Windows" = Dell Support Center
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A722192-4AEA-4911-9F71-EBECEDC970B5}" = Newsflash
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{255D3EE5-4E62-4E3C-A777-2C26D0A58E47}" = Microsoft HealthVault Connection Center Configuration
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{50C078F9-CBA1-4AD9-8C3B-BC5E1A59B44B}" = MyInvoices & Estimates Deluxe
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5B59928C-B074-41E0-92CD-FEE1B826369E}" = AutoSave Essentials
    "{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{856CD2A4-9BCE-4ED2-B7F5-A96C960081C1}" = MyLabel Designer Deluxe
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{9021848E-F315-44C7-8D45-3B16162AA73A}" = TurboTax 2010 wneiper
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{99432E4C-1189-4887-9D75-DAA796015FFD}" = Neat Core Files
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
    "{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{F0B1C62D-2D77-45FE-A592-AEADC7F7FF84}" = Microsoft HealthVault Connection Center
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Battleship Fleet Command" = Battleship Fleet Command (remove only)
    "Dell Dock" = Dell Dock
    "Dell Webcam Central" = Dell Webcam Central
    "Google Chrome" = Google Chrome
    "GoToAssist" = GoToAssist 8.0.0.514
    "HealthVault Connection Center" = Microsoft HealthVault Connection Center
    "Jewel Quest III" = Jewel Quest III (remove only)
    "Jewel Quest Solitaire II" = Jewel Quest Solitaire II (remove only)
    "Jojos Fashion Show" = Jojos Fashion Show (remove only)
    "Mah Jong Quest III" = Mah Jong Quest III (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "Neat" = Neat
    "Polly Pride Pet Detective" = Polly Pride Pet Detective (remove only)
    "RealPlayer 15.0" = RealPlayer
    "TurboTax 2010" = TurboTax 2010
    "TVgnome Toolbar" = TVgnome Toolbar
    "WATCH FREE TV" = WATCH FREE TV
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WTA-7144278d-085f-4102-8f9f-5bb66b586e2a" = Mahjongg - Ancient Egypt
    "WTA-a79d8bc8-c106-4764-b6ea-2ebaa043e208" = Text Express 2 Deluxe

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "be441f4e7d0af918" = Proclaim

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 10/8/2012 1:33:45 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/8/2012 1:33:45 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2060

    Error - 10/8/2012 1:33:45 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2060

    Error - 10/8/2012 1:33:46 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/8/2012 1:33:46 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3089

    Error - 10/8/2012 1:33:46 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3089

    Error - 10/8/2012 1:33:47 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 10/8/2012 1:33:47 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4134

    Error - 10/8/2012 1:33:47 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4134

    Error - 10/8/2012 1:33:48 AM | Computer Name = DeborahABaines | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    [ Broadcom Wireless LAN Events ]
    Error - 7/23/2012 7:23:10 AM | Computer Name = DeborahABaines | Source = WLAN-Tray | ID = 0
    Description = 06:23:09, Mon, Jul 23, 12 Error - Unable to gain access to user store


    Error - 10/11/2012 12:04:08 AM | Computer Name = DeborahABaines | Source = WLAN-Tray | ID = 0
    Description = 23:03:49, Wed, Oct 10, 12 Error - Unable to gain access to user store


    Error - 10/17/2012 12:57:47 PM | Computer Name = DeborahABaines | Source = WLAN-Tray | ID = 0
    Description = 11:57:43, Wed, Oct 17, 12 Error - Unable to gain access to user store


    [ Dell Events ]
    Error - 9/9/2011 8:28:35 AM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2011 10:49:20 PM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/14/2011 10:49:20 PM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/17/2011 7:23:37 AM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/17/2011 7:23:37 AM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/24/2011 3:47:54 PM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/24/2011 3:47:54 PM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/24/2011 4:47:36 PM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 9/24/2011 4:47:36 PM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 10/17/2011 9:28:26 AM | Computer Name = DeborahABaines | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 8/25/2011 6:37:48 AM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 5:37:48 AM - Failed to retrieve SportsV2 (Error: The remote name could
    not be resolved: 'data.tvdownload.microsoft.com')

    Error - 8/25/2011 6:37:48 AM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 5:37:48 AM - Failed to retrieve Broadband (Error: The remote name
    could not be resolved: 'data.tvdownload.microsoft.com')

    Error - 9/5/2011 12:38:37 AM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 11:38:37 PM - Error connecting to the internet. 11:38:37 PM - Unable
    to contact server..

    Error - 9/5/2011 12:38:52 AM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 11:38:42 PM - Error connecting to the internet. 11:38:42 PM - Unable
    to contact server..

    Error - 9/5/2011 1:54:46 PM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 12:54:35 PM - Error connecting to the internet. 12:54:35 PM - Unable
    to contact server..

    Error - 9/5/2011 2:55:07 PM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 1:55:02 PM - Error connecting to the internet. 1:55:02 PM - Unable
    to contact server..

    Error - 9/5/2011 3:55:20 PM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 2:55:17 PM - Error connecting to the internet. 2:55:17 PM - Unable
    to contact server..

    Error - 9/5/2011 4:55:49 PM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 3:55:43 PM - Error connecting to the internet. 3:55:43 PM - Unable
    to contact server..

    Error - 9/9/2011 8:23:29 AM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 7:23:29 AM - Error connecting to the internet. 7:23:29 AM - Unable
    to contact server..

    Error - 9/9/2011 8:23:43 AM | Computer Name = DeborahABaines | Source = MCUpdate | ID = 0
    Description = 7:23:35 AM - Error connecting to the internet. 7:23:35 AM - Unable
    to contact server..

    [ System Events ]
    Error - 10/21/2012 5:04:30 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:31 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:35 PM | Computer Name = DeborahABaines | Source = DCOM | ID = 10005
    Description =

    Error - 10/21/2012 5:04:35 PM | Computer Name = DeborahABaines | Source = DCOM | ID = 10005
    Description =

    Error - 10/21/2012 5:04:36 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:37 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:37 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:37 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:37 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 10/21/2012 5:04:37 PM | Computer Name = DeborahABaines | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068


    < End of report >
     
  20. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    OTL logfile created on: 10/21/2012 4:07:42 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Deborah A Baines\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 3.24 Gb Available Physical Memory | 85.26% Memory free
    7.61 Gb Paging File | 7.06 Gb Available in Paging File | 92.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 335.15 Gb Free Space | 74.31% Space Free | Partition Type: NTFS
    Drive E: | 3.77 Gb Total Space | 3.00 Gb Free Space | 79.65% Space Free | Partition Type: FAT32

    Computer Name: DEBORAHABAINES | User Name: Deborah A Baines | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/21 16:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah A Baines\Desktop\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/18 00:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/02 23:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/12/29 15:19:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/06/09 09:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2009/03/03 05:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/09/10 14:32:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2011/08/24 12:59:58 | 000,102,912 | ---- | M] () [Auto | Stopped] -- C:\Windows\agent_x64.exe -- (Agent)
    SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/01/14 21:03:31 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2010/10/08 11:01:14 | 000,010,408 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
    SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2010/06/08 11:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 15:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 15:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/30 07:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/25 15:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/06/18 00:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/06/08 11:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/30 14:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/03/30 14:58:06 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010/03/30 14:58:06 | 000,053,800 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/30 14:58:06 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010/03/30 14:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/03/17 16:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/17 16:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/17 16:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/02 23:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2010/02/02 23:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2010/02/02 23:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/13 10:36:22 | 000,036,896 | ---- | M] (Avanquest) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\AutoSave.sys -- (AutoSave)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/15 14:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\URLSearchHook: {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\SearchScopes\{3811A6F5-DAAE-4433-AE6A-785F261ABD41}: "URL" = http://websearch.ask.com/redirect?c...n_sauid=03F3FEF6-47FA-4EFA-8E60-EFDD3E171DB8&
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\SearchScopes\{F53C7F67-EA15-4A39-A73B-20D4A2DBE769}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/17 21:11:15 | 000,000,000 | ---D | M]

    [2012/06/06 19:40:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Deborah A Baines\AppData\Roaming\Mozilla\Extensions

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Deborah A Baines\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
    CHR - Extension: Surf Canyon = C:\Users\Deborah A Baines\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjagnifjocnddgeknajocbkkhlgibem\3.3.8_0\
    CHR - Extension: SiteAdvisor = C:\Users\Deborah A Baines\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Deborah A Baines\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

    O1 HOSTS File: ([2012/10/21 09:29:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\MSK\mskapbho.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (TVgnome Toolbar) - {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (TVgnome Toolbar) - {b2ab0cc4-22f9-47a4-bbaa-a23bd1b30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\Toolbar\WebBrowser: (TVgnome Toolbar) - {B2AB0CC4-22F9-47A4-BBAA-A23BD1B30427} - C:\Program Files (x86)\TVgnome\prxtbTVgn.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000..\Run: [AutoSave] C:\Program Files (x86)\Avanquest\AutoSaveEssentials\AutoSave Essentials.exe (Avanquest Software)
    O4 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Deborah A Baines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
    O4 - Startup: C:\Users\Deborah A Baines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft HealthVault Connection Center.lnk = C:\Program Files (x86)\Microsoft HealthVault\Connection Center\ConnectionCenter.exe (Microsoft Corp.)
    O4 - Startup: C:\Users\Deborah A Baines\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E406933-9907-4039-B10B-1ACEC35780AD}: DhcpNameServer = 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C22CB225-7C34-4F45-8D58-C1DBD1404E25}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/10/21 22:35:28 | 000,000,000 | ---D | M] - C:\AutoSave OfficeDocuments 1 -- [ NTFS ]
    O32 - AutoRun File - [2011/06/08 01:21:42 | 000,000,000 | ---D | M] - C:\AutoSave PicturesAndPhotos 1 -- [ NTFS ]
    O32 - AutoRun File - [2011/06/03 07:13:26 | 000,000,000 | ---D | M] - C:\AutoSave SoundsAndMusic 1 -- [ NTFS ]
    O32 - AutoRun File - [2012/10/18 20:29:22 | 000,000,000 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/10/21 16:07:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Deborah A Baines\Desktop\OTL.exe
    [2012/10/21 16:04:23 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/10/21 09:32:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/10/21 09:18:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/10/21 09:18:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/10/21 09:18:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/10/21 09:10:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/10/21 09:09:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/10/21 09:09:28 | 004,985,492 | R--- | C] (Swearware) -- C:\Users\Deborah A Baines\Desktop\ComboFix.exe
    [2012/10/19 23:49:03 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\Desktop\RK_Quarantine
    [2012/10/19 23:48:57 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Deborah A Baines\Desktop\aswMBR.exe
    [2012/10/19 19:23:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/10/18 22:27:01 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Deborah A Baines\Desktop\dds.com
    [2012/10/18 20:01:55 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{A3FF3C13-C69E-47F6-8D77-B3991AF46EB9}
    [2012/10/17 21:19:36 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{F9C9F38C-5E64-41CB-9E26-33959215D7B1}
    [2012/10/17 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{2210E145-B398-4B39-8469-D3F36D66E4A5}
    [2012/10/10 23:46:17 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{E3961E9D-4385-4AD0-8DD6-4107B5E2E8BE}
    [2012/10/10 18:53:54 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\Documents\Social Studies
    [2012/10/10 18:04:17 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{F30E7710-7013-45C8-81F5-7366700DCA6C}
    [2012/10/07 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{9AD571B1-1C56-45C7-B9FF-9FC05BB85CFB}
    [2012/10/06 20:17:57 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{0559C8EA-572B-4F6D-9253-A2E31C3294A8}
    [2012/10/06 06:42:01 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{319D4C9F-84CA-4FD1-99D0-93452D6FF74D}
    [2012/10/04 18:21:43 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{0BD82A8E-89F7-4D3C-A53C-C1959BD362DB}
    [2012/10/03 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\Documents\English Quarter Projects
    [2012/10/03 16:09:06 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{288BDB32-813F-4076-A154-1FC6E614930C}
    [2012/10/02 16:07:14 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{D68BF2D4-15DA-418B-B267-6E8E02B0BAED}
    [2012/10/02 10:38:12 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\Documents\BillsNewPhone
    [2012/10/02 08:20:50 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{4185DB19-85C7-412A-B951-181577CB66C4}
    [2012/10/01 20:20:11 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{DDF2049C-E4EE-4757-B873-652DDC632B0F}
    [2012/09/30 21:07:37 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{E38B21A9-806E-45F5-B47F-C86106A94B1C}
    [2012/09/30 16:52:30 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{CA771F56-8A0E-40EB-A73B-0BACC5A3F33C}
    [2012/09/29 23:14:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bSaving
    [2012/09/29 23:05:28 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{2437A9E9-3E5F-426E-B793-2154A2606D23}
    [2012/09/28 19:37:30 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{88850BE2-1CCD-4524-810F-D8DFB634B9C8}
    [2012/09/25 20:40:37 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{7E107019-72D9-46DD-AAEA-D7B8A4A399D9}
    [2012/09/24 20:49:19 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{42E2F4E0-382E-4E25-9EC4-BB98D1E591DB}
    [2012/09/24 18:54:10 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{B478F141-A80C-40EC-A24B-A03A72FB2BDD}
    [2012/09/22 21:23:30 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{50C8FEAA-B9FC-431D-BB25-85317E266851}
    [2012/09/22 09:04:43 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{82232CBD-9474-45E6-8409-6B86EC596098}
    [2012/09/21 21:39:17 | 000,000,000 | ---D | C] -- C:\Users\Deborah A Baines\AppData\Local\{459E72CE-AF3F-40D7-B8A3-6AADA3BB15EE}
    [2011/03/11 20:43:41 | 005,943,392 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Deborah A Baines\AppData\Roaming\LoJackSetup.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/10/21 16:03:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/10/21 16:03:15 | 3062,902,784 | -HS- | M] () -- C:\hiberfil.sys
    [2012/10/21 16:02:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Deborah A Baines\Desktop\OTL.exe
    [2012/10/21 09:29:29 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/10/21 09:04:14 | 004,985,492 | R--- | M] (Swearware) -- C:\Users\Deborah A Baines\Desktop\ComboFix.exe
    [2012/10/19 23:53:06 | 000,000,512 | ---- | M] () -- C:\Users\Deborah A Baines\Desktop\MBR.dat
    [2012/10/19 23:32:44 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Deborah A Baines\Desktop\aswMBR.exe
    [2012/10/19 23:32:00 | 001,425,920 | ---- | M] () -- C:\Users\Deborah A Baines\Desktop\RogueKiller.exe
    [2012/10/19 19:26:52 | 000,732,638 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/10/19 19:26:52 | 000,628,304 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/10/19 19:26:52 | 000,108,482 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/10/19 19:18:10 | 002,194,704 | ---- | M] () -- C:\Users\Deborah A Baines\Desktop\tdsskiller.zip
    [2012/10/18 20:33:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/10/18 20:32:51 | 490,904,910 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/10/18 20:32:38 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Deborah A Baines\Desktop\dds.com
    [2012/10/17 21:22:21 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/10/17 21:22:21 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/10/17 20:43:29 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
    [2012/10/02 10:16:15 | 000,000,217 | ---- | M] () -- C:\Users\Deborah A Baines\Desktop\Mix It Up Schools Teaching Tolerance.url

    ========== Files Created - No Company Name ==========

    [2012/10/21 09:18:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/10/21 09:18:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/10/21 09:18:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/10/21 09:18:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/10/21 09:18:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/10/19 23:53:06 | 000,000,512 | ---- | C] () -- C:\Users\Deborah A Baines\Desktop\MBR.dat
    [2012/10/19 23:48:57 | 001,425,920 | ---- | C] () -- C:\Users\Deborah A Baines\Desktop\RogueKiller.exe
    [2012/10/19 19:22:22 | 002,194,704 | ---- | C] () -- C:\Users\Deborah A Baines\Desktop\tdsskiller.zip
    [2012/10/17 20:43:29 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
    [2012/10/02 10:16:15 | 000,000,217 | ---- | C] () -- C:\Users\Deborah A Baines\Desktop\Mix It Up Schools Teaching Tolerance.url
    [2012/04/01 20:18:54 | 000,102,912 | ---- | C] () -- C:\Windows\agent_x64.exe
    [2012/01/02 23:58:30 | 004,581,594 | ---- | C] () -- C:\Users\Deborah A Baines\lw_wtr2006.pdf
    [2012/01/02 23:57:42 | 003,922,157 | ---- | C] () -- C:\Users\Deborah A Baines\lw_spr2009.pdf
    [2011/07/11 08:15:48 | 000,000,057 | ---- | C] () -- C:\Windows\hegames.ini
    [2011/05/30 21:49:00 | 000,000,098 | ---- | C] () -- C:\Windows\mylabels32.INI
    [2011/03/13 16:43:01 | 000,005,632 | ---- | C] () -- C:\Users\Deborah A Baines\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/02/25 06:21:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2011/02/19 20:08:00 | 000,000,138 | ---- | C] () -- C:\Users\Deborah A Baines\AppData\Roaming\FactoryInstaller.xml
    [2011/02/17 19:36:40 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2011/01/14 21:46:21 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/01/14 21:46:21 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2011/01/14 21:46:21 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2011/01/14 21:46:21 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011/01/14 21:46:20 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/01/14 21:43:13 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
    [2011/01/14 21:43:13 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
    [2011/01/14 21:43:13 | 000,000,035 | ---- | C] () -- C:\Windows\DELL_LANGCODE.ini
    [2011/01/14 21:43:13 | 000,000,033 | ---- | C] () -- C:\Windows\DELL_OSTYPE.ini
    [2011/01/14 21:43:13 | 000,000,032 | ---- | C] () -- C:\Windows\WisHWDest.ini
    [2011/01/14 21:43:13 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
    [2011/01/14 21:43:13 | 000,000,023 | ---- | C] () -- C:\Windows\WisSysInfo.ini
    [2011/01/14 21:11:17 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/03/11 20:56:07 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\Absolute
    [2011/03/11 20:56:30 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\Absolute Software
    [2011/03/11 21:20:16 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\cerasus.media
    [2011/06/07 15:57:28 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\Gamelab
    [2011/06/08 12:38:25 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\iWin
    [2011/06/07 15:53:41 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\iWinArcade
    [2012/04/01 20:44:24 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\Neat
    [2012/04/01 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\Nuance
    [2011/03/19 19:22:51 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\OpenOffice.org
    [2011/03/02 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\PCDr
    [2011/08/06 17:05:52 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\PlayFirst
    [2011/03/22 20:16:57 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\WATCH FREE TV
    [2011/05/07 06:14:48 | 000,000,000 | ---D | M] -- C:\Users\Deborah A Baines\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2836460B
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:48429D0E
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EA031481
    < End of report >
     
  21. Broni


    Install Avast right now. You don't want to be without any protection.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)
      O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
      IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\SearchScopes\{F53C7F67-EA15-4A39-A73B-20D4A2DBE769}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
      CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Deborah A Baines\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
      CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
      CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
      O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\MSK\mskapbho.dll ()
      IE - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
      O15 - HKU\S-1-5-21-3256552544-202353469-4249488404-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
      [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      
      [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
      
      [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
      "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
      "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Apartment
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
      "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Free
      
      [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
      "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
      "ThreadingModel" = Both
      
      [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
      @Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:2836460B
      @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:48429D0E
      @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:EA031481
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE: If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

    ===============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  22. Jeremy Hoshor


    All processes killed
    ========== OTL ==========
    Error: No service named McMPFSvc was found to stop!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\McMPFSvc deleted successfully.
    File C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F53C7F67-EA15-4A39-A73B-20D4A2DBE769}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F53C7F67-EA15-4A39-A73B-20D4A2DBE769}\ not found.
    File C:\Users\Deborah A Baines\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll not found.
    File C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll not found.
    File c:\progra~2\mcafee\msc\npmcsn~1.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
    c:\Program Files\mcafee\MSK\mskapbho.dll moved successfully.
    Registry value HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
    Registry key HKEY_USERS\S-1-5-21-3256552544-202353469-4249488404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
    C:\Windows\assembly\Desktop.ini moved successfully.
    File EY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    File EY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 not found.
    File EY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] not found.
    File EY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 not found.
    File EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]\ not found.
    Folder EY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64\ not found.
    Folder EY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]\ not found.
    ADS C:\ProgramData\TEMP:2836460B deleted successfully.
    ADS C:\ProgramData\TEMP:48429D0E deleted successfully.
    ADS C:\ProgramData\TEMP:EA031481 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files (x86)\Ask.com\assets folder moved successfully.
    C:\Program Files (x86)\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Deborah A Baines
    ->Temp folder emptied: 13292 bytes
    ->Temporary Internet Files folder emptied: 374136435 bytes
    ->Java cache emptied: 696023 bytes
    ->Google Chrome cache emptied: 21066035 bytes
    ->Apple Safari cache emptied: 20972544 bytes
    ->Flash cache emptied: 230456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1686 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 733230 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 398.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Deborah A Baines
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Deborah A Baines
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 10222012_190103
     
  23. Jeremy Hoshor


    Farbar Service Scanner Version: 19-10-2012
    Ran by Deborah A Baines (administrator) on 22-10-2012 at 19:10:11
    Running from "C:\Users\Deborah A Baines\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Minimal
    ****************************************************************
    Internet Services:
    ============
    Dnscache Service is not running. Checking service configuration:
    The start type of Dnscache service is OK.
    The ImagePath of Dnscache service is OK.
    The ServiceDll of Dnscache service is OK.
    Dhcp Service is not running. Checking service configuration:
    The start type of Dhcp service is OK.
    The ImagePath of Dhcp service is OK.
    The ServiceDll of Dhcp service is OK.
    Nsi Service is not running. Checking service configuration:
    The start type of Nsi service is OK.
    The ImagePath of Nsi service is OK.
    The ServiceDll of Nsi service is OK.
    nsiproxy Service is not running. Checking service configuration:
    The start type of nsiproxy service is OK.
    The ImagePath of nsiproxy service is OK.
    tdx Service is not running. Checking service configuration:
    The start type of tdx service is OK.
    The ImagePath of tdx service is OK.
    afd Service is not running. Checking service configuration:
    The start type of afd service is OK.
    The ImagePath of afd service is OK.

    Connection Status:
    ==============
    Attempt to access Local Host IP returned error: Localhost is blocked: Other errors
    There is no connection to network.
    Attempt to access Google IP returned error: Other errors
    Attempt to access Google.com returned error: Other errors
    Attempt to access Yahoo IP returned error: Other errors
    Attempt to access Yahoo.com returned error: Other errors

    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.
    MpsSvc Service is not running. Checking service configuration:
    The start type of MpsSvc service is OK.
    The ImagePath of MpsSvc service is OK.
    The ServiceDll of MpsSvc service is OK.
    bfe Service is not running. Checking service configuration:
    The start type of bfe service is OK.
    The ImagePath of bfe service is OK.
    The ServiceDll of bfe service is OK.

    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    SDRSVC Service is not running. Checking service configuration:
    The start type of SDRSVC service is OK.
    The ImagePath of SDRSVC service is OK.
    The ServiceDll of SDRSVC service is OK.
    VSS Service is not running. Checking service configuration:
    The start type of VSS service is OK.
    The ImagePath of VSS service is OK.

    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is OK.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.
    EventSystem Service is not running. Checking service configuration:
    The start type of EventSystem service is OK.
    The ImagePath of EventSystem service is OK.
    The ServiceDll of EventSystem service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  24. Broni

    Broni Malware Annihilator Posts: 46,861   +254

    Please re-run FSS from normal mode.
     
  25. Jeremy Hoshor

    Jeremy Hoshor TS Rookie Topic Starter Posts: 21

    Eset results:

    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\D682.tmp.vir Win64/Olmarik.AO trojan cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\ProgramData\Microsoft\Windows\DRM\D692.tmp.vir Win64/Olmarik.AO trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.10.2012_19.22.34\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.10.2012_19.22.34\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.10.2012_19.22.34\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.OX trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.10.2012_19.22.34\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AN trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.10.2012_19.22.34\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan cleaned by deleting - quarantined
    C:\TDSSKiller_Quarantine\19.10.2012_19.22.34\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan cleaned by deleting - quarantined
     

