Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected Malware

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Suspected Malware

Unread postby unknowndemon808 » May 5th, 2012, 4:06 am

I have been fighting with my ISP for a couple of days complaining about my internet because it won't let me connect to google or game servers or even skype. The tecnition said it could be a malware or rootkit so I did a Dell Factory Image Restore to remove everything and I still can't connect to google or games like League of Legends and still can't connect to skype (although it signs in fine). If it is a malware still on my computer I hope you can help me. Also the internet works occasionally at weird times where I can download stuff and log on skype to talk. Also I can load Youtube, Facebook, and this site just fine. (Logged on to both during the time I could download things) Got League of Legends downloaded but can't run it.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kevin at 22:02:01 on 2012-05-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6320 [GMT -10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k NetworkService
c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.54\deploy\LoLLauncher.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{CE8D4A10-FC95-4B2B-815E-091BDD31B4BF} : DhcpNameServer = 8.8.8.8 8.8.4.4
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
mRun-x64: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\novwjqt8.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-4 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-15 122880]
R2 AMDFusionSVC;AMD Fusion Utility Service;C:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [2009-9-8 383544]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-8-11 1692480]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AmdLLD64;AMD Low Level Device Driver;C:\Windows\system32\DRIVERS\AmdLLD64.sys --> C:\Windows\system32\DRIVERS\AmdLLD64.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-3 253088]
S3 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-4-10 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-05 07:19:23 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-05-05 07:01:49 -------- d-----w- C:\Users\Kevin\AppData\Roaming\LolClient
2012-05-05 04:32:22 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2012-05-05 04:32:22 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2012-05-05 04:32:22 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2012-05-05 04:32:22 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2012-05-05 04:32:21 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2012-05-05 04:30:31 -------- d-----w- C:\Riot Games
2012-05-05 03:59:47 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-05-05 03:59:47 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-05-05 03:11:41 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 03:11:19 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-05-05 02:21:04 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-05-05 02:21:04 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-05-05 02:20:06 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-05-05 02:20:06 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-05-05 02:18:04 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-05 02:14:52 -------- d-----w- C:\Program Files\Dell Support Center
2012-05-05 02:10:12 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-05-05 02:10:12 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-05-05 02:00:28 -------- d-----w- C:\Users\Kevin\AppData\Roaming\PCDr
2012-05-05 02:00:01 -------- d-----w- C:\ProgramData\PCDr
2012-05-05 00:49:58 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-05-05 00:49:57 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2012-05-05 00:49:57 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2012-05-05 00:49:57 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2012-05-05 00:32:50 -------- d-----w- C:\Users\Kevin\AppData\Local\PMB Files
2012-05-05 00:32:48 -------- d-----w- C:\ProgramData\PMB Files
2012-05-05 00:27:44 -------- d-----w- C:\Windows\SysWow64\Wat
2012-05-05 00:27:44 -------- d-----w- C:\Windows\System32\Wat
2012-05-05 00:26:23 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-05 00:26:22 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-05 00:26:22 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-05 00:23:19 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-05-05 00:23:19 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2012-05-05 00:23:19 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-05-05 00:23:19 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2012-05-05 00:23:18 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-05-05 00:07:52 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-05-05 00:07:52 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-05-05 00:06:13 77312 ----a-w- C:\Windows\System32\packager.dll
2012-05-05 00:06:13 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-05-04 23:58:42 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-05-04 23:58:42 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-05-04 23:58:42 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-05-04 23:58:42 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-05-04 23:58:42 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-05-04 23:58:42 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-05-04 23:58:42 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-05-04 23:11:24 -------- d-----w- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2012-05-04 23:09:15 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-05-04 23:09:15 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-05-04 23:04:21 -------- d-----w- C:\Program Files (x86)\Pando Networks
2012-05-04 06:20:34 -------- d-----w- C:\Users\Kevin\AppData\Local\Diagnostics
2012-05-04 03:37:07 -------- d-----w- C:\Users\Kevin\AppData\Local\Nero
2012-05-04 03:07:58 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 03:00:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-04 02:51:38 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-05-04 02:51:38 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-05-04 02:51:37 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-05-04 02:51:37 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-05-04 02:51:36 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-05-04 02:51:36 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-05-04 02:51:36 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-05-03 21:30:10 -------- d-----w- C:\Users\Kevin\AppData\Local\Nero_AG
2012-05-03 21:20:37 -------- d-----w- C:\Users\Kevin\My Backup Files
2012-05-03 20:48:11 -------- d-----w- C:\Users\Kevin\AppData\Local\Mozilla
2012-05-03 20:37:50 -------- d-----w- C:\Users\Kevin\AppData\Local\AMD
2012-05-03 20:37:44 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Fingertapps
2012-05-03 20:37:44 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Dell
2012-05-03 20:37:38 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Dell Touch Zone
2012-05-03 20:37:35 -------- d-----w- C:\Users\Kevin\AppData\Local\ATI
2012-05-03 20:37:07 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-03 20:37:05 -------- d-----w- C:\Users\Kevin\AppData\Local\VirtualStore
2012-05-03 15:20:53 -------- d-----w- C:\Windows\SMINST
.
==================== Find3M ====================
.
2012-05-04 03:08:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:02:30.15 ===============
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am
Advertisement
Register to Remove

Re: Suspected Malware

Unread postby torreattack » May 5th, 2012, 11:16 pm

Checking your log, will reply soon.
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected Malware

Unread postby torreattack » May 6th, 2012, 4:03 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi unknowndemon808 and welcome to Malware Removal :)

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.


Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.


Please post your Attach.txt from the DDS scan.

I will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected Malware

Unread postby unknowndemon808 » May 6th, 2012, 5:03 am

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/3/2012 10:34:14 AM
System Uptime: 5/4/2012 9:57:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0NWWY0
Processor: AMD Phenom(tm) II X6 1055T Processor | CPU 1 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 918 GiB total, 878.051 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: DW1525 (802.11n) WLAN PCIe Card
Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&3173CF85&0&0048
Manufacturer: Atheros Communications Inc.
Name: DW1525 (802.11n) WLAN PCIe Card
PNP Device ID: PCI\VEN_168C&DEV_002A&SUBSYS_0203168C&REV_01\4&3173CF85&0&0048
Service: athr
.
==== System Restore Points ===================
.
RP24: 5/3/2012 2:08:37 PM - Scheduled Checkpoint
RP25: 5/3/2012 4:51:39 PM - Windows Update
RP26: 5/4/2012 1:58:22 PM - Windows Update
RP27: 5/4/2012 2:24:56 PM - Windows Update
RP28: 5/4/2012 4:14:32 PM - Installed Dell Support Center
RP29: 5/4/2012 4:25:42 PM - Windows Update
RP30: 5/4/2012 6:30:24 PM - Installed League of Legends
RP31: 5/4/2012 9:09:07 PM - Windows Update
RP32: 5/4/2012 9:45:53 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X MUI
AMD Fusion Media Explorer
AMD Fusion Utility for Desktops
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Blio
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Consumer In-Home Service Agreement
Cozi
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Stage
Dell VideoStage
DirectX 9 Runtime
GoToAssist 8.0.0.514
High-Definition Video Playback
Internet Explorer
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
League of Legends
Mesh Runtime
Microsoft Default Manager
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Card Reader
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
Pando Media Booster
PhotoShowExpress
PlayReady PC Runtime x86
RAIDXpert
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype™ 5.9
Sonic CinePlayer Decoder Pack
SyncUP
THX TruStudio PC
TrustedID
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
5/4/2012 9:59:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
5/4/2012 2:10:08 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/4/2012 2:10:08 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
5/4/2012 2:10:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
5/3/2012 5:14:00 PM, Error: Service Control Manager [7034] - The SoftThinks Agent Service service terminated unexpectedly. It has done this 1 time(s).
5/3/2012 11:05:12 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
5/3/2012 11:05:06 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/3/2012 11:05:06 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/3/2012 11:05:06 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/3/2012 11:05:06 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/3/2012 10:55:42 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
5/3/2012 10:55:41 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.
5/3/2012 10:55:40 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/3/2012 10:55:40 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
.
==== End Of File ===========================
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am

Re: Suspected Malware

Unread postby torreattack » May 6th, 2012, 6:43 am

Hi unknowndemon808 :

1. No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed.. This puts you at serious risk.

  • Download a new Anti-virus product to your computer from one these reliable vendors.
  • Save any work. Close all applications, especially your Internet connection.
  • Install the new AV product... following installation instructions.
  • Note: remember to Uncheck any extra software downloads you may be offered (optional)
  • Check for updates to the new AV product, if not done during install setup.
  • Run a full scan of your computer.
It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.



2. OTL
Please download OTL ... by Old Timer . Save it to your Desktop.
  • Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.


3. Please tell me more about your computer:
a. Are you using router?
b. Are you facing any other problems beside those you mention in first post? Any re-direction?
c. An update of your problems.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected Malware

Unread postby unknowndemon808 » May 6th, 2012, 8:01 am

Problem is still there. During times of the day it won't let me connect to skype or log into game servers. It happened this afternoon. Right now it is 2 AM at night and i'm downloading/playing games (League of legends) just fine and can go one anything again. Personally i think its because of my ISP is horrid. I'm in student housing so i share a router that is locked up in a metal box with my roommate. Thing is when the technician came to my room to see the problem, he plugged his laptop in and it was working just fine against my computer that couldn't load google (during the day). Like I said at night it runs fine and the technician told me it may be a malware so I did a full Factory Image Restore, Downloaded League of Legends, Firefox and SuperAntiSpyware right after and came up with 0 results on anything and still getting the problems.

speedtest of my ISP (so called high speed in student housing) = http://imgur.com/OrMSu


OTL logfile created on: 5/6/2012 1:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Kevin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.99% Memory free
16.00 Gb Paging File | 13.87 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.22 Gb Total Space | 875.81 Gb Free Space | 95.38% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
PRC - c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
PRC - C:\WINDOWS\SysWOW64\WinMsgBalloonServer.exe ()
PRC - C:\WINDOWS\SysWOW64\WinMsgBalloonClient.exe ()
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)
PRC - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AMD External Events Utility) -- C:\WINDOWS\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AMD Reservation Manager) -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Advanced Micro Devices)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AMDFusionSVC) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe (Advanced Micro Devices)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AMD_RAIDXpert) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe (AMD)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (NisDrv) -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdkmdag) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\WINDOWS\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\WINDOWS\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (ahcix64s) -- C:\WINDOWS\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (PxHlpa64) -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (amdiox64) -- C:\WINDOWS\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (athr) -- C:\WINDOWS\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\WINDOWS\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmdLLD64) -- C:\WINDOWS\SysNative\drivers\AmdLLD64.sys (Advanced Micro Devices)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2618032477-790887771-2832652424-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2618032477-790887771-2832652424-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2618032477-790887771-2832652424-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-2618032477-790887771-2832652424-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/08/11 11:28:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/08/11 11:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/08/11 11:28:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/04 14:09:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/05/03 10:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2012/05/04 13:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\novwjqt8.default\extensions
[2012/05/03 10:46:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 15:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/20 15:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/20 15:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618032477-790887771-2832652424-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE8D4A10-FC95-4B2B-815E-091BDD31B4BF}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/06 01:05:54 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft Games
[2012/05/06 00:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/06 00:47:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/06 00:46:49 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/05/04 21:19:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/05/04 21:18:11 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/05/04 21:18:10 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/05/04 21:18:10 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/05/04 21:18:10 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/05/04 21:18:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/05/04 21:18:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/05/04 21:18:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/05/04 21:18:09 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/05/04 21:18:09 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/05/04 21:18:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/05/04 21:18:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/05/04 21:01:49 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2012/05/04 18:32:22 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/05/04 18:32:22 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/05/04 18:32:22 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/05/04 18:32:22 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/05/04 18:32:21 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/05/04 18:30:31 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012/05/04 18:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2012/05/04 17:59:47 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/05/04 17:12:54 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/05/04 17:12:53 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/05/04 17:12:53 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/05/04 17:12:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/05/04 17:12:53 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/05/04 17:12:53 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/05/04 17:12:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/05/04 17:12:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/05/04 17:12:53 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/05/04 17:12:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/05/04 17:12:50 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/05/04 17:12:50 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/05/04 17:12:50 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/05/04 17:12:50 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/05/04 17:12:37 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/05/04 17:12:37 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/05/04 17:12:37 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/05/04 17:12:37 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/05/04 17:12:37 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/05/04 17:12:36 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/05/04 17:12:36 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/05/04 17:12:36 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/05/04 17:12:36 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/05/04 17:12:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/05/04 17:12:36 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/05/04 17:12:36 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/05/04 17:12:36 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/05/04 17:12:08 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/05/04 17:12:08 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/05/04 17:12:08 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/05/04 17:12:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/05/04 17:12:08 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/05/04 17:12:08 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/05/04 17:11:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/05/04 16:21:04 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/05/04 16:21:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/05/04 16:20:06 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/05/04 16:15:00 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/05/04 16:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2012/05/04 16:10:12 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/05/04 16:10:12 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/05/04 16:00:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\PCDr
[2012/05/04 16:00:01 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2012/05/04 14:49:58 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/05/04 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\League Of Legends
[2012/05/04 14:32:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\PMB Files
[2012/05/04 14:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2012/05/04 14:27:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/05/04 14:27:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/05/04 14:26:23 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/05/04 14:26:22 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/05/04 14:26:22 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/05/04 14:23:19 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/05/04 14:23:19 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/05/04 14:23:19 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/05/04 14:23:19 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/05/04 14:08:58 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/05/04 14:08:58 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/05/04 14:08:58 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/05/04 14:08:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/05/04 14:08:58 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/05/04 14:08:58 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/05/04 14:08:58 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/05/04 14:08:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/05/04 14:08:58 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/05/04 14:08:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/05/04 14:08:58 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/05/04 14:08:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/05/04 14:08:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/05/04 14:08:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/05/04 14:08:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/05/04 14:08:58 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/05/04 14:08:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/05/04 14:08:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/05/04 14:08:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/05/04 14:08:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/05/04 14:08:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/05/04 14:08:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/05/04 14:08:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/05/04 14:08:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/05/04 14:08:54 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/05/04 14:08:54 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/05/04 14:08:49 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/05/04 14:08:47 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/05/04 14:08:47 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/05/04 14:08:44 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/05/04 14:08:44 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/05/04 14:07:52 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/05/04 14:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/04 14:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/04 14:06:13 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/05/04 14:06:13 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/05/04 13:58:42 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/05/04 13:58:42 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/05/04 13:58:42 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/05/04 13:11:24 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
[2012/05/04 13:09:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/05/04 13:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/05/04 13:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/05/04 13:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2012/05/03 20:20:34 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Diagnostics
[2012/05/03 17:37:07 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Nero
[2012/05/03 17:37:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Nero
[2012/05/03 17:07:58 | 008,744,608 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/03 17:00:03 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/03 17:00:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/03 16:51:38 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/05/03 16:51:38 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/05/03 16:51:36 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/05/03 16:51:36 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/05/03 16:51:36 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/05/03 11:30:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Nero_AG
[2012/05/03 11:20:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\My Backup Files
[2012/05/03 11:19:42 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop\MySyncUPFiles
[2012/05/03 11:10:24 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Skype
[2012/05/03 10:48:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2012/05/03 10:48:11 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Mozilla
[2012/05/03 10:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/05/03 10:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/03 10:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/05/03 10:38:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2012/05/03 10:37:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\AMD
[2012/05/03 10:37:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Fingertapps
[2012/05/03 10:37:44 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Dell
[2012/05/03 10:37:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Dell Touch Zone
[2012/05/03 10:37:37 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Roxio
[2012/05/03 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ATI
[2012/05/03 10:37:35 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\ATI
[2012/05/03 10:37:18 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/03 10:37:18 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Searches
[2012/05/03 10:37:18 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/03 10:37:18 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/03 10:37:10 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Identities
[2012/05/03 10:37:08 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Contacts
[2012/05/03 10:37:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/03 10:37:05 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore
[2012/05/03 10:34:25 | 000,000,000 | --SD | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Videos
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Saved Games
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Pictures
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Music
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Links
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Favorites
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Downloads
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Documents
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop
[2012/05/03 10:34:25 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Temporary Internet Files
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Templates
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Start Menu
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\SendTo
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Recent
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\PrintHood
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\NetHood
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Videos
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Pictures
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Music
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\My Documents
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Local Settings
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\History
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Cookies
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Application Data
[2012/05/03 10:34:25 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Application Data
[2012/05/03 10:34:25 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\AppData
[2012/05/03 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Temp
[2012/05/03 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\SoftThinks
[2012/05/03 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft
[2012/05/03 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2012/05/03 10:34:25 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2012/05/03 05:31:44 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/05/03 05:20:53 | 000,000,000 | ---D | C] -- C:\Windows\SMINST

========== Files - Modified Within 30 Days ==========

[2012/05/06 01:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/06 00:53:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 00:53:10 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 00:48:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/06 00:47:48 | 000,795,928 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/06 00:47:48 | 000,662,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/06 00:47:48 | 000,122,024 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/06 00:47:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2012/05/05 21:42:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/05 19:06:23 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/05/05 19:06:23 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/05/05 19:06:21 | 008,744,608 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/05/05 16:38:18 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/05 16:32:25 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/05 16:32:14 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 21:39:48 | 000,328,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/04 18:32:22 | 000,001,722 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/05/04 16:28:13 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/04 15:14:34 | 001,138,521 | ---- | M] () -- C:\Users\Kevin\Desktop\Lose Control.MP3
[2012/05/04 14:07:34 | 000,002,533 | ---- | M] () -- C:\Users\Kevin\Desktop\Skype.lnk
[2012/05/04 13:09:27 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/03 10:46:34 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 10:38:02 | 000,001,439 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/03 05:33:17 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/05/03 05:33:17 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2012/05/06 00:48:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/06 00:47:52 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/04 18:32:22 | 000,001,722 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2012/05/04 16:15:08 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/05/04 16:15:03 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/05/04 15:13:13 | 001,138,521 | ---- | C] () -- C:\Users\Kevin\Desktop\Lose Control.MP3
[2012/05/04 14:07:34 | 000,002,533 | ---- | C] () -- C:\Users\Kevin\Desktop\Skype.lnk
[2012/05/04 13:09:27 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/03 17:00:03 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/03 10:46:34 | 000,001,144 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/03 10:46:34 | 000,001,132 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/05/03 10:38:02 | 000,001,439 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/03 10:37:23 | 000,001,371 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/03 10:37:20 | 000,001,445 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/03 10:34:40 | 000,001,935 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2012/05/03 10:34:25 | 000,000,290 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/03 10:34:25 | 000,000,272 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/03 05:31:40 | 2146,930,687 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/11 12:53:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/11 12:28:40 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/11 11:15:45 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/08/11 11:15:45 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/08/11 11:15:45 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/08/11 11:15:45 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/08/11 11:15:45 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/02/10 06:10:51 | 000,795,928 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
Last edited by unknowndemon808 on May 6th, 2012, 8:09 am, edited 1 time in total.
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am

Re: Suspected Malware

Unread postby unknowndemon808 » May 6th, 2012, 8:02 am

OTL Extras logfile created on: 5/6/2012 1:51:56 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Kevin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.64 Gb Available Physical Memory | 82.99% Memory free
16.00 Gb Paging File | 13.87 Gb Available in Paging File | 86.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 918.22 Gb Total Space | 875.81 Gb Free Space | 95.38% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2618032477-790887771-2832652424-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061D1780-99B3-4A96-B1CC-783E5E9AA43C}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{1F0FEAF9-27ED-437D-A44D-FE352BC4A0E8}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{59E59ED9-3AED-455C-8F40-9B73468BA244}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6C2CC718-AD5F-4659-B3F1-78CCE9AC80B6}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{C8D77444-9928-415E-A72B-C1ED18C78439}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C9D91FA4-E7C6-40F9-9161-FF8A4C22B2CE}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{D37BEB4B-F721-4ADD-969D-0F26442CD22E}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2398E78E-24D4-4A75-B4D9-FA5D9BD2C85E}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2BFBC189-F473-4660-98C7-7BF6E8B121E9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4647A80D-5C1E-49E9-90B1-2B17E5B51403}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{52C3603A-B0C5-45CC-8B98-B6A99795E11B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75B638B9-5B0B-4BD2-B02B-5AF6EF31C6F3}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{76C9B9B6-CA75-4F41-AE56-8EDD0D5A8767}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{81E23808-487A-42A6-BF56-E745760AA859}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8C7F0562-EEB6-4CBC-A4FB-4EBEDD70818E}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{971DB4E1-ADF1-4877-95D0-34C5142358C2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9B44084C-F6EC-4DB4-B72E-90222D471BC4}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{AB05904F-AED4-4E83-B849-D744E0374AC2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B0C5FB36-F652-45AD-95DF-9D6007DA4B9E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CA2431C1-371D-4A30-967B-9035FF3D5FFE}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{EC9139D6-D541-423E-9638-4242240CBD74}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F1DAF524-8FC1-4730-887C-0D478A619E2E}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{17A9A62A-4129-4E0C-6348-65BBD437B6C8}" = AMD Fuel
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3D4FFE-9614-4E58-9DE2-F9A036EAD491}" = ATI Catalyst Install Manager
"{83CB95E0-5518-AAC2-9B63-1FDBB4D51263}" = ATI AVIVO64 Codecs
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{C99B5E76-3EA1-9943-F394-1E9F9EC8B28C}" = ccc-utility64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010A785B-F920-4350-821B-6309909C20BB}" = THX TruStudio PC
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B043A05-B07C-9307-8CC8-0C72BC8895E2}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{16D6AA4F-959B-306B-0747-CFBEFCC7A0DE}" = CCC Help Greek
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C1473A1-1A26-4C8F-9548-A52D03066CE7}" = Catalyst Control Center - Branding
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22076B10-37D9-7B32-AB5D-3F97D9E87E15}" = CCC Help Turkish
"{22813428-038B-8C98-5AF8-22B7EF1B6284}" = CCC Help Spanish
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BDCCC79-2352-1CD6-80D0-1E1948FEF262}" = CCC Help Italian
"{2D162142-12F7-4419-577C-7BB3204F799F}" = CCC Help Chinese Standard
"{2D943F95-2C76-4951-9AEF-0977AF5DE11A}" = AMD Fusion Media Explorer
"{2F4FB074-80B6-118F-42AD-27B6F275D884}" = CCC Help Chinese Traditional
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{374EBC77-5E23-0B63-0B65-136AEFF98C1D}" = CCC Help Danish
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{400F29A3-58E9-4848-5BE1-01919F891D44}" = CCC Help Swedish
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFA3415-7B6A-EF20-225A-B1DC627BBAC5}" = CCC Help Korean
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81C3E664-CA21-3C4B-312F-54DEB08EF1A5}" = Catalyst Control Center InstallProxy
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8279F213-ECD0-4C36-A8EC-670FC16218E3}" = CCC Help Dutch
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F81F91-7BE9-44D1-98AF-2B87E0B8710C}" = AMD Fusion Utility for Desktops
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9842650A-98C5-A238-AC65-189F80285EBD}" = CCC Help Czech
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F41678D-3934-EBBA-F85C-E1A97DB84407}" = CCC Help Thai
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ADDD9902-3576-7071-1196-24E37F15BB52}" = Catalyst Control Center Localization All
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA0006CC-FB7D-6358-BF24-3394D509AB9C}" = CCC Help Japanese
"{CA04E3AD-FFAC-0EE9-3605-E9665EC05BF7}" = CCC Help Finnish
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCAE8CA3-5C96-FBF2-BD0F-27D4644217D3}" = CCC Help Portuguese
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0C8AC08-1B2C-AD87-E4CE-9C0A2618807E}" = CCC Help English
"{E2EBA7C0-8072-447F-856D-FFEE8D15B23B}" = Dell Stage
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E4F3A636-92E3-86C4-FA1E-19BC06CBB037}" = CCC Help German
"{E5F6575A-7567-9230-2BE0-615A46E5721B}" = CCC Help Russian
"{E9656E99-F59E-F377-DC5F-477047CA4FCF}" = CCC Help French
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16B7D69-784E-C12E-D42B-A1D69A38B752}" = CCC Help Hungarian
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{FB85D440-98E6-B361-1727-DFD81F366943}" = ccc-core-static
"{FC4AAC27-3775-E69E-6DBB-381425D79A94}" = CCC Help Norwegian
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}" = Multimedia Card Reader
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4" = Zinio Reader 4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2012 12:56:12 AM | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 5/5/2012 3:03:13 AM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rads_user_kernel.exe, version: 0.0.0.0,
time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0,
time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting
process id: 0xbc0 Faulting application start time: 0x01cd2a8d229d75f4 Faulting application
path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Faulting
module path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Report
Id: 613a1950-9680-11e1-800d-842b2b99cd1f

Error - 5/5/2012 3:03:28 AM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rads_user_kernel.exe, version: 0.0.0.0,
time stamp: 0x4e65c1ac Faulting module name: rads_user_kernel.exe, version: 0.0.0.0,
time stamp: 0x4e65c1ac Exception code: 0xc0000005 Fault offset: 0x000b8554 Faulting
process id: 0xd38 Faulting application start time: 0x01cd2a8d2b8bd0de Faulting application
path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Faulting
module path: C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe Report
Id: 6a306399-9680-11e1-800d-842b2b99cd1f

Error - 5/5/2012 3:41:23 AM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2012 3:52:09 AM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2012 3:59:51 AM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2012 4:13:42 AM | Computer Name = Kevin-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SyncUP.exe, version: 1.8.33.100, time stamp:
0x4da420c4 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651, time stamp:
0x4e211319 Exception code: 0xe0434f4d Fault offset: 0x0000b9bc Faulting process id:
0x1b40 Faulting application start time: 0x01cd2a96f0f3d114 Faulting application path:
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe Faulting module path: C:\Windows\syswow64\KERNELBASE.dll
Report
Id: 39f59658-968a-11e1-9f6e-842b2b99cd1f

Error - 5/5/2012 10:34:01 PM | Computer Name = Kevin-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/5/2012 11:40:44 PM | Computer Name = Kevin-PC | Source = Application Hang | ID = 1002
Description = The program League of Legends.exe version 1.0.0.139 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1428 Start
Time: 01cd2b39dfb9b496 Termination Time: 0 Application Path: C:\Riot Games\League
of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.147\deploy\League
of Legends.exe Report Id: 4097925c-972d-11e1-a8a8-842b2b99cd1f

Error - 5/6/2012 12:35:11 AM | Computer Name = Kevin-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 5/4/2012 8:29:22 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/4/2012 8:29:52 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/4/2012 10:29:04 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/4/2012 10:29:34 PM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/5/2012 3:40:42 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/5/2012 3:41:13 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/5/2012 3:51:15 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/5/2012 3:51:45 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/5/2012 3:58:53 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 5/5/2012 3:59:23 AM | Computer Name = Kevin-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.


< End of report >
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am

Re: Suspected Malware

Unread postby unknowndemon808 » May 6th, 2012, 8:03 am

Also ran the full scan of Microsoft Security Essentials and it had nothing.

EDIT: After scan and doing all of this I tried to connect to League of Legends and it won't let me now.

Update: 2:15AM - Can't Load google or Game servers again.

2:19AM - Google loads, Skype and Game Servers don't
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am

Re: Suspected Malware

Unread postby torreattack » May 7th, 2012, 5:09 pm

Hi unknowndemon808 :

Let's run another test to gather more info about your problems.

1. TDSSKiller
Please download TDSSKiller.exe and save it to your Desktop.
  • Right click on TDSSKiller.exe and select "run as administrator" to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


2. MiniToolBox
Please download MiniToolBox.exe and save it to your Desktop.
  • Right click MiniToolBox and select " Run as administrator " to run it.
  • Check the following in the list:
  • Flush DNS.
  • Report IE proxy settings.
  • Report FF Proxy Settings
  • List contents of Hosts.
  • List IP Configuration.
  • List Winsock Entries
  • List Devices (Only Problems)
  • Click Go.
  • A file name Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  • Please post the contents of the Result.txt in your next Reply.


3.I need more info about your problem:
a. Does the same problem happen to other computer? For example, your room mate computer?

b. Does the problem like fail to load google happen when your are playing the game: League of Legends? Or it also happen when your are not playing the game.

c. Does the problem happen only in IE or happen only in Firefox or happen in both browser?


Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected Malware

Unread postby unknowndemon808 » May 7th, 2012, 7:41 pm

My Roommate tells me at times that his downloader doesn't work. he doesn't get back till night time when everything works so I can't really ask him. When I say google doesn't work I usually run it by itself on Firefox. Before The factory restart it wouldn't load on chrome firefox and IE. I only have FF and IE now. My technician friend tells me that saying it's a malware is a trick that technicians use to not do any work.

13:37:33.0480 3460 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
13:37:35.0089 3460 ============================================================
13:37:35.0089 3460 Current date / time: 2012/05/07 13:37:35.0089
13:37:35.0089 3460 SystemInfo:
13:37:35.0089 3460
13:37:35.0089 3460 OS Version: 6.1.7601 ServicePack: 1.0
13:37:35.0089 3460 Product type: Workstation
13:37:35.0089 3460 ComputerName: KEVIN-PC
13:37:35.0089 3460 UserName: Kevin
13:37:35.0089 3460 Windows directory: C:\Windows
13:37:35.0089 3460 System windows directory: C:\Windows
13:37:35.0089 3460 Running under WOW64
13:37:35.0089 3460 Processor architecture: Intel x64
13:37:35.0089 3460 Number of processors: 6
13:37:35.0089 3460 Page size: 0x1000
13:37:35.0089 3460 Boot type: Normal boot
13:37:35.0089 3460 ============================================================
13:37:36.0128 3460 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:37:36.0160 3460 ============================================================
13:37:36.0160 3460 \Device\Harddisk0\DR0:
13:37:36.0160 3460 MBR partitions:
13:37:36.0160 3460 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1A7F000
13:37:36.0160 3460 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A93000, BlocksNum 0x72C73000
13:37:36.0160 3460 ============================================================
13:37:36.0190 3460 C: <-> \Device\Harddisk0\DR0\Partition1
13:37:36.0190 3460 ============================================================
13:37:36.0190 3460 Initialize success
13:37:36.0190 3460 ============================================================
13:37:42.0760 4112 ============================================================
13:37:42.0760 4112 Scan started
13:37:42.0760 4112 Mode: Manual;
13:37:42.0760 4112 ============================================================
13:37:43.0181 4112 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
13:37:43.0182 4112 !SASCORE - ok
13:37:43.0264 4112 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:37:43.0266 4112 1394ohci - ok
13:37:43.0291 4112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:37:43.0294 4112 ACPI - ok
13:37:43.0297 4112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:37:43.0297 4112 AcpiPmi - ok
13:37:43.0370 4112 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:37:43.0372 4112 AdobeARMservice - ok
13:37:43.0470 4112 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:37:43.0473 4112 AdobeFlashPlayerUpdateSvc - ok
13:37:43.0513 4112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:37:43.0522 4112 adp94xx - ok
13:37:43.0557 4112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:37:43.0607 4112 adpahci - ok
13:37:43.0629 4112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:37:43.0631 4112 adpu320 - ok
13:37:43.0650 4112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:37:43.0651 4112 AeLookupSvc - ok
13:37:43.0735 4112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:37:43.0749 4112 AFD - ok
13:37:43.0754 4112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:37:43.0755 4112 agp440 - ok
13:37:43.0797 4112 ahcix64s (37fa0f874ba8ecd5851d44a7f1c9700e) C:\Windows\system32\drivers\ahcix64s.sys
13:37:43.0801 4112 ahcix64s - ok
13:37:43.0818 4112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:37:43.0819 4112 ALG - ok
13:37:43.0822 4112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:37:43.0823 4112 aliide - ok
13:37:43.0861 4112 AMD External Events Utility (11276158eeeeadf3eb154061bfc80a19) C:\Windows\system32\atiesrxx.exe
13:37:43.0863 4112 AMD External Events Utility - ok
13:37:43.0890 4112 AMD FUEL Service - ok
13:37:43.0927 4112 AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
13:37:43.0929 4112 AMD Reservation Manager - ok
13:37:44.0140 4112 AMDFusionSVC (b2b7d8f695b5d97a63eda789e9d237e1) c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
13:37:44.0144 4112 AMDFusionSVC - ok
13:37:44.0147 4112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:37:44.0148 4112 amdide - ok
13:37:44.0170 4112 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
13:37:44.0171 4112 amdiox64 - ok
13:37:44.0190 4112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:37:44.0191 4112 AmdK8 - ok
13:37:44.0419 4112 amdkmdag (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
13:37:44.0526 4112 amdkmdag - ok
13:37:44.0622 4112 amdkmdap (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
13:37:44.0624 4112 amdkmdap - ok
13:37:44.0652 4112 AmdLLD64 (c27e46c19d5a48ca02c11e3c9b58f4c1) C:\Windows\system32\DRIVERS\AmdLLD64.sys
13:37:44.0653 4112 AmdLLD64 - ok
13:37:44.0669 4112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:37:44.0670 4112 AmdPPM - ok
13:37:44.0689 4112 amdsata (53d8d46d51d390abdb54eca623165cb7) C:\Windows\system32\drivers\amdsata.sys
13:37:44.0689 4112 amdsata - ok
13:37:44.0714 4112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:37:44.0717 4112 amdsbs - ok
13:37:44.0720 4112 amdxata (75c51148154e34eb3d7bb84749a758d5) C:\Windows\system32\drivers\amdxata.sys
13:37:44.0720 4112 amdxata - ok
13:37:44.0774 4112 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
13:37:44.0805 4112 AMD_RAIDXpert - ok
13:37:44.0824 4112 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:37:44.0825 4112 AppID - ok
13:37:44.0840 4112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:37:44.0841 4112 AppIDSvc - ok
13:37:44.0858 4112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:37:44.0859 4112 Appinfo - ok
13:37:44.0864 4112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:37:44.0865 4112 arc - ok
13:37:44.0871 4112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:37:44.0872 4112 arcsas - ok
13:37:44.0945 4112 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
13:37:44.0946 4112 aspnet_state - ok
13:37:44.0963 4112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:37:44.0964 4112 AsyncMac - ok
13:37:44.0969 4112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:37:44.0970 4112 atapi - ok
13:37:45.0040 4112 athr (195786ed7a26e1913a4f9799fdbc2c71) C:\Windows\system32\DRIVERS\athrx.sys
13:37:45.0053 4112 athr - ok
13:37:45.0132 4112 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
13:37:45.0133 4112 AtiHDAudioService - ok
13:37:45.0186 4112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:37:45.0196 4112 AudioEndpointBuilder - ok
13:37:45.0202 4112 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:37:45.0205 4112 AudioSrv - ok
13:37:45.0221 4112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:37:45.0223 4112 AxInstSV - ok
13:37:45.0254 4112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:37:45.0263 4112 b06bdrv - ok
13:37:45.0306 4112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:37:45.0308 4112 b57nd60a - ok
13:37:45.0322 4112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:37:45.0323 4112 BDESVC - ok
13:37:45.0338 4112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:37:45.0338 4112 Beep - ok
13:37:45.0384 4112 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:37:45.0394 4112 BFE - ok
13:37:45.0453 4112 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:37:45.0467 4112 BITS - ok
13:37:45.0510 4112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:37:45.0511 4112 blbdrive - ok
13:37:45.0517 4112 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:37:45.0518 4112 bowser - ok
13:37:45.0521 4112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:37:45.0522 4112 BrFiltLo - ok
13:37:45.0524 4112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:37:45.0524 4112 BrFiltUp - ok
13:37:45.0540 4112 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:37:45.0541 4112 Browser - ok
13:37:45.0553 4112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:37:45.0556 4112 Brserid - ok
13:37:45.0560 4112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:37:45.0561 4112 BrSerWdm - ok
13:37:45.0563 4112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:37:45.0564 4112 BrUsbMdm - ok
13:37:45.0566 4112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:37:45.0567 4112 BrUsbSer - ok
13:37:45.0585 4112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:37:45.0587 4112 BTHMODEM - ok
13:37:45.0619 4112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:37:45.0620 4112 bthserv - ok
13:37:45.0626 4112 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:37:45.0627 4112 cdfs - ok
13:37:45.0634 4112 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:37:45.0635 4112 cdrom - ok
13:37:45.0647 4112 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:37:45.0649 4112 CertPropSvc - ok
13:37:45.0652 4112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:37:45.0653 4112 circlass - ok
13:37:45.0677 4112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:37:45.0680 4112 CLFS - ok
13:37:45.0742 4112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:37:45.0744 4112 clr_optimization_v2.0.50727_32 - ok
13:37:45.0783 4112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:37:45.0784 4112 clr_optimization_v2.0.50727_64 - ok
13:37:45.0834 4112 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:37:45.0836 4112 clr_optimization_v4.0.30319_32 - ok
13:37:45.0851 4112 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:37:45.0853 4112 clr_optimization_v4.0.30319_64 - ok
13:37:45.0855 4112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:37:45.0856 4112 CmBatt - ok
13:37:45.0859 4112 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:37:45.0860 4112 cmdide - ok
13:37:45.0910 4112 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:37:45.0914 4112 CNG - ok
13:37:45.0945 4112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:37:45.0946 4112 Compbatt - ok
13:37:45.0962 4112 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:37:45.0963 4112 CompositeBus - ok
13:37:45.0972 4112 COMSysApp - ok
13:37:45.0975 4112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:37:45.0976 4112 crcdisk - ok
13:37:45.0992 4112 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
13:37:45.0994 4112 CryptSvc - ok
13:37:46.0046 4112 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:37:46.0051 4112 DcomLaunch - ok
13:37:46.0076 4112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:37:46.0079 4112 defragsvc - ok
13:37:46.0084 4112 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:37:46.0085 4112 DfsC - ok
13:37:46.0113 4112 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:37:46.0117 4112 Dhcp - ok
13:37:46.0120 4112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:37:46.0121 4112 discache - ok
13:37:46.0134 4112 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:37:46.0135 4112 Disk - ok
13:37:46.0150 4112 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:37:46.0152 4112 Dnscache - ok
13:37:46.0164 4112 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:37:46.0167 4112 dot3svc - ok
13:37:46.0174 4112 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:37:46.0196 4112 DPS - ok
13:37:46.0214 4112 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:37:46.0214 4112 drmkaud - ok
13:37:46.0262 4112 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:37:46.0266 4112 DXGKrnl - ok
13:37:46.0293 4112 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:37:46.0295 4112 EapHost - ok
13:37:46.0415 4112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:37:46.0457 4112 ebdrv - ok
13:37:46.0548 4112 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:37:46.0549 4112 EFS - ok
13:37:46.0628 4112 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:37:46.0638 4112 ehRecvr - ok
13:37:46.0670 4112 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:37:46.0671 4112 ehSched - ok
13:37:46.0704 4112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:37:46.0711 4112 elxstor - ok
13:37:46.0713 4112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:37:46.0714 4112 ErrDev - ok
13:37:46.0762 4112 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:37:46.0773 4112 EventSystem - ok
13:37:46.0791 4112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:37:46.0794 4112 exfat - ok
13:37:46.0810 4112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:37:46.0813 4112 fastfat - ok
13:37:46.0856 4112 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:37:46.0867 4112 Fax - ok
13:37:46.0879 4112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:37:46.0880 4112 fdc - ok
13:37:46.0885 4112 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:37:46.0886 4112 fdPHost - ok
13:37:46.0896 4112 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:37:46.0897 4112 FDResPub - ok
13:37:46.0901 4112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:37:46.0902 4112 FileInfo - ok
13:37:46.0905 4112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:37:46.0906 4112 Filetrace - ok
13:37:46.0986 4112 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:37:46.0995 4112 FLEXnet Licensing Service - ok
13:37:47.0003 4112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:37:47.0004 4112 flpydisk - ok
13:37:47.0016 4112 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:37:47.0018 4112 FltMgr - ok
13:37:47.0066 4112 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:37:47.0081 4112 FontCache - ok
13:37:47.0136 4112 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:37:47.0136 4112 FontCache3.0.0.0 - ok
13:37:47.0156 4112 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:37:47.0157 4112 FsDepends - ok
13:37:47.0202 4112 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:37:47.0202 4112 Fs_Rec - ok
13:37:47.0222 4112 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:37:47.0224 4112 fvevol - ok
13:37:47.0238 4112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:37:47.0239 4112 gagp30kx - ok
13:37:47.0283 4112 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
13:37:47.0284 4112 GoToAssist - ok
13:37:47.0322 4112 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:37:47.0331 4112 gpsvc - ok
13:37:47.0345 4112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:37:47.0346 4112 hcw85cir - ok
13:37:47.0361 4112 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:37:47.0362 4112 HDAudBus - ok
13:37:47.0372 4112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:37:47.0389 4112 HidBatt - ok
13:37:47.0394 4112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:37:47.0395 4112 HidBth - ok
13:37:47.0408 4112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:37:47.0409 4112 HidIr - ok
13:37:47.0413 4112 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:37:47.0414 4112 hidserv - ok
13:37:47.0421 4112 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:37:47.0422 4112 HidUsb - ok
13:37:47.0440 4112 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:37:47.0442 4112 hkmsvc - ok
13:37:47.0464 4112 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:37:47.0467 4112 HomeGroupListener - ok
13:37:47.0493 4112 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:37:47.0496 4112 HomeGroupProvider - ok
13:37:47.0501 4112 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:37:47.0502 4112 HpSAMD - ok
13:37:47.0532 4112 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:37:47.0548 4112 HTTP - ok
13:37:47.0555 4112 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:37:47.0556 4112 hwpolicy - ok
13:37:47.0563 4112 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:37:47.0564 4112 i8042prt - ok
13:37:47.0594 4112 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:37:47.0640 4112 iaStorV - ok
13:37:47.0735 4112 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:37:47.0749 4112 idsvc - ok
13:37:47.0753 4112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:37:47.0754 4112 iirsp - ok
13:37:47.0803 4112 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:37:47.0817 4112 IKEEXT - ok
13:37:47.0913 4112 IntcAzAudAddService (52d9171838bb92319f23656f502916e9) C:\Windows\system32\drivers\RTKVHD64.sys
13:37:47.0922 4112 IntcAzAudAddService - ok
13:37:47.0977 4112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:37:47.0978 4112 intelide - ok
13:37:47.0982 4112 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
13:37:47.0983 4112 intelppm - ok
13:37:47.0994 4112 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:37:47.0996 4112 IPBusEnum - ok
13:37:48.0001 4112 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:37:48.0002 4112 IpFilterDriver - ok
13:37:48.0035 4112 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:37:48.0040 4112 iphlpsvc - ok
13:37:48.0045 4112 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:37:48.0046 4112 IPMIDRV - ok
13:37:48.0052 4112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:37:48.0053 4112 IPNAT - ok
13:37:48.0056 4112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:37:48.0056 4112 IRENUM - ok
13:37:48.0059 4112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:37:48.0060 4112 isapnp - ok
13:37:48.0070 4112 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:37:48.0073 4112 iScsiPrt - ok
13:37:48.0107 4112 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
13:37:48.0109 4112 k57nd60a - ok
13:37:48.0116 4112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:37:48.0117 4112 kbdclass - ok
13:37:48.0129 4112 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:37:48.0130 4112 kbdhid - ok
13:37:48.0156 4112 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:37:48.0157 4112 KeyIso - ok
13:37:48.0163 4112 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:37:48.0164 4112 KSecDD - ok
13:37:48.0237 4112 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:37:48.0238 4112 KSecPkg - ok
13:37:48.0242 4112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:37:48.0243 4112 ksthunk - ok
13:37:48.0281 4112 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:37:48.0293 4112 KtmRm - ok
13:37:48.0324 4112 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:37:48.0327 4112 LanmanServer - ok
13:37:48.0359 4112 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:37:48.0361 4112 LanmanWorkstation - ok
13:37:48.0377 4112 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:37:48.0378 4112 lltdio - ok
13:37:48.0408 4112 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:37:48.0412 4112 lltdsvc - ok
13:37:48.0421 4112 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:37:48.0422 4112 lmhosts - ok
13:37:48.0444 4112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:37:48.0445 4112 LSI_FC - ok
13:37:48.0452 4112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:37:48.0454 4112 LSI_SAS - ok
13:37:48.0458 4112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:37:48.0459 4112 LSI_SAS2 - ok
13:37:48.0465 4112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:37:48.0467 4112 LSI_SCSI - ok
13:37:48.0473 4112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:37:48.0474 4112 luafv - ok
13:37:48.0490 4112 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:37:48.0491 4112 Mcx2Svc - ok
13:37:48.0495 4112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:37:48.0496 4112 megasas - ok
13:37:48.0507 4112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:37:48.0510 4112 MegaSR - ok
13:37:48.0523 4112 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:37:48.0525 4112 MMCSS - ok
13:37:48.0528 4112 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:37:48.0529 4112 Modem - ok
13:37:48.0532 4112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:37:48.0532 4112 monitor - ok
13:37:48.0536 4112 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:37:48.0537 4112 mouclass - ok
13:37:48.0540 4112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:37:48.0541 4112 mouhid - ok
13:37:48.0546 4112 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:37:48.0547 4112 mountmgr - ok
13:37:48.0609 4112 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:37:48.0610 4112 MozillaMaintenance - ok
13:37:48.0658 4112 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
13:37:48.0660 4112 MpFilter - ok
13:37:48.0687 4112 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:37:48.0689 4112 mpio - ok
13:37:48.0693 4112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:37:48.0694 4112 mpsdrv - ok
13:37:48.0741 4112 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:37:48.0755 4112 MpsSvc - ok
13:37:48.0762 4112 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:37:48.0764 4112 MRxDAV - ok
13:37:48.0818 4112 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:37:48.0820 4112 mrxsmb - ok
13:37:48.0833 4112 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:37:48.0836 4112 mrxsmb10 - ok
13:37:48.0842 4112 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:37:48.0843 4112 mrxsmb20 - ok
13:37:48.0846 4112 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:37:48.0847 4112 msahci - ok
13:37:48.0854 4112 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:37:48.0856 4112 msdsm - ok
13:37:48.0871 4112 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:37:48.0873 4112 MSDTC - ok
13:37:48.0893 4112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:37:48.0894 4112 Msfs - ok
13:37:48.0900 4112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:37:48.0901 4112 mshidkmdf - ok
13:37:48.0904 4112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:37:48.0904 4112 msisadrv - ok
13:37:48.0931 4112 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:37:48.0933 4112 MSiSCSI - ok
13:37:48.0935 4112 msiserver - ok
13:37:48.0952 4112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:37:48.0953 4112 MSKSSRV - ok
13:37:49.0036 4112 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
13:37:49.0036 4112 MsMpSvc - ok
13:37:49.0053 4112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:37:49.0054 4112 MSPCLOCK - ok
13:37:49.0068 4112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:37:49.0068 4112 MSPQM - ok
13:37:49.0083 4112 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:37:49.0086 4112 MsRPC - ok
13:37:49.0091 4112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:37:49.0091 4112 mssmbios - ok
13:37:49.0098 4112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:37:49.0099 4112 MSTEE - ok
13:37:49.0112 4112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:37:49.0112 4112 MTConfig - ok
13:37:49.0116 4112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:37:49.0117 4112 Mup - ok
13:37:49.0175 4112 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:37:49.0181 4112 napagent - ok
13:37:49.0216 4112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:37:49.0219 4112 NativeWifiP - ok
13:37:49.0326 4112 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
13:37:49.0338 4112 NAUpdate - ok
13:37:49.0395 4112 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
13:37:49.0426 4112 NDIS - ok
13:37:49.0444 4112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:37:49.0445 4112 NdisCap - ok
13:37:49.0459 4112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:37:49.0460 4112 NdisTapi - ok
13:37:49.0468 4112 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:37:49.0469 4112 Ndisuio - ok
13:37:49.0476 4112 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:37:49.0478 4112 NdisWan - ok
13:37:49.0483 4112 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:37:49.0484 4112 NDProxy - ok
13:37:49.0487 4112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:37:49.0488 4112 NetBIOS - ok
13:37:49.0498 4112 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:37:49.0501 4112 NetBT - ok
13:37:49.0531 4112 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:37:49.0532 4112 Netlogon - ok
13:37:49.0590 4112 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:37:49.0602 4112 Netman - ok
13:37:49.0677 4112 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:37:49.0679 4112 NetMsmqActivator - ok
13:37:49.0681 4112 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:37:49.0682 4112 NetPipeActivator - ok
13:37:49.0700 4112 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:37:49.0704 4112 netprofm - ok
13:37:49.0707 4112 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:37:49.0708 4112 NetTcpActivator - ok
13:37:49.0710 4112 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:37:49.0711 4112 NetTcpPortSharing - ok
13:37:49.0743 4112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:37:49.0745 4112 nfrd960 - ok
13:37:49.0805 4112 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:37:49.0806 4112 NisDrv - ok
13:37:49.0927 4112 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
13:37:49.0930 4112 NisSrv - ok
13:37:49.0945 4112 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:37:49.0949 4112 NlaSvc - ok
13:37:50.0108 4112 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
13:37:50.0146 4112 NOBU - ok
13:37:50.0294 4112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:37:50.0295 4112 Npfs - ok
13:37:50.0302 4112 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:37:50.0304 4112 nsi - ok
13:37:50.0306 4112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:37:50.0307 4112 nsiproxy - ok
13:37:50.0361 4112 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:37:50.0387 4112 Ntfs - ok
13:37:50.0417 4112 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:37:50.0417 4112 Null - ok
13:37:50.0440 4112 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:37:50.0441 4112 nvraid - ok
13:37:50.0451 4112 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:37:50.0453 4112 nvstor - ok
13:37:50.0459 4112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:37:50.0460 4112 nv_agp - ok
13:37:50.0465 4112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:37:50.0466 4112 ohci1394 - ok
13:37:50.0501 4112 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:37:50.0504 4112 p2pimsvc - ok
13:37:50.0544 4112 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:37:50.0554 4112 p2psvc - ok
13:37:50.0559 4112 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:37:50.0561 4112 Parport - ok
13:37:50.0566 4112 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
13:37:50.0566 4112 partmgr - ok
13:37:50.0587 4112 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:37:50.0590 4112 PcaSvc - ok
13:37:50.0739 4112 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 (7317a0b550f7ac0223b7070897670476) c:\program files\dell support center\pcdsrvc_x64.pkms
13:37:50.0740 4112 PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
13:37:50.0763 4112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:37:50.0765 4112 pci - ok
13:37:50.0768 4112 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:37:50.0768 4112 pciide - ok
13:37:50.0786 4112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:37:50.0788 4112 pcmcia - ok
13:37:50.0792 4112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:37:50.0793 4112 pcw - ok
13:37:50.0815 4112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:37:50.0821 4112 PEAUTH - ok
13:37:50.0878 4112 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:37:50.0879 4112 PerfHost - ok
13:37:50.0947 4112 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:37:50.0963 4112 pla - ok
13:37:51.0025 4112 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:37:51.0028 4112 PlugPlay - ok
13:37:51.0035 4112 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:37:51.0037 4112 PNRPAutoReg - ok
13:37:51.0076 4112 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:37:51.0079 4112 PNRPsvc - ok
13:37:51.0117 4112 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:37:51.0125 4112 PolicyAgent - ok
13:37:51.0162 4112 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:37:51.0165 4112 Power - ok
13:37:51.0227 4112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:37:51.0228 4112 PptpMiniport - ok
13:37:51.0240 4112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:37:51.0242 4112 Processor - ok
13:37:51.0258 4112 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
13:37:51.0261 4112 ProfSvc - ok
13:37:51.0289 4112 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:37:51.0291 4112 ProtectedStorage - ok
13:37:51.0319 4112 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:37:51.0320 4112 Psched - ok
13:37:51.0347 4112 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
13:37:51.0347 4112 PxHlpa64 - ok
13:37:51.0410 4112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:37:51.0424 4112 ql2300 - ok
13:37:51.0487 4112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:37:51.0489 4112 ql40xx - ok
13:37:51.0506 4112 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:37:51.0509 4112 QWAVE - ok
13:37:51.0514 4112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:37:51.0515 4112 QWAVEdrv - ok
13:37:51.0517 4112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:37:51.0518 4112 RasAcd - ok
13:37:51.0537 4112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:37:51.0538 4112 RasAgileVpn - ok
13:37:51.0555 4112 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:37:51.0557 4112 RasAuto - ok
13:37:51.0575 4112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:37:51.0576 4112 Rasl2tp - ok
13:37:51.0601 4112 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:37:51.0605 4112 RasMan - ok
13:37:51.0610 4112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:37:51.0612 4112 RasPppoe - ok
13:37:51.0617 4112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:37:51.0618 4112 RasSstp - ok
13:37:51.0630 4112 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:37:51.0633 4112 rdbss - ok
13:37:51.0641 4112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:37:51.0642 4112 rdpbus - ok
13:37:51.0667 4112 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:37:51.0668 4112 RDPCDD - ok
13:37:51.0680 4112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:37:51.0681 4112 RDPENCDD - ok
13:37:51.0693 4112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:37:51.0693 4112 RDPREFMP - ok
13:37:51.0714 4112 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
13:37:51.0716 4112 RDPWD - ok
13:37:51.0726 4112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:37:51.0728 4112 rdyboost - ok
13:37:51.0748 4112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:37:51.0750 4112 RemoteAccess - ok
13:37:51.0765 4112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:37:51.0768 4112 RemoteRegistry - ok
13:37:51.0870 4112 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
13:37:51.0884 4112 RoxMediaDB12OEM - ok
13:37:51.0910 4112 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
13:37:51.0913 4112 RoxWatch12 - ok
13:37:51.0985 4112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:37:51.0987 4112 RpcEptMapper - ok
13:37:52.0008 4112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:37:52.0009 4112 RpcLocator - ok
13:37:52.0029 4112 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:37:52.0033 4112 RpcSs - ok
13:37:52.0064 4112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:37:52.0065 4112 rspndr - ok
13:37:52.0089 4112 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:37:52.0090 4112 SamSs - ok
13:37:52.0192 4112 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
13:37:52.0192 4112 SASDIFSV - ok
13:37:52.0202 4112 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
13:37:52.0202 4112 SASKUTIL - ok
13:37:52.0218 4112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:37:52.0220 4112 sbp2port - ok
13:37:52.0239 4112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:37:52.0241 4112 SCardSvr - ok
13:37:52.0245 4112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:37:52.0246 4112 scfilter - ok
13:37:52.0286 4112 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:37:52.0303 4112 Schedule - ok
13:37:52.0339 4112 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:37:52.0339 4112 SCPolicySvc - ok
13:37:52.0368 4112 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:37:52.0371 4112 SDRSVC - ok
13:37:52.0453 4112 SeaPort (331e7bde228914574fc9ae6cd520dafa) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
13:37:52.0455 4112 SeaPort - ok
13:37:52.0470 4112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:37:52.0471 4112 secdrv - ok
13:37:52.0487 4112 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:37:52.0489 4112 seclogon - ok
13:37:52.0504 4112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:37:52.0506 4112 SENS - ok
13:37:52.0518 4112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:37:52.0520 4112 SensrSvc - ok
13:37:52.0535 4112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:37:52.0536 4112 Serenum - ok
13:37:52.0541 4112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:37:52.0543 4112 Serial - ok
13:37:52.0546 4112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:37:52.0547 4112 sermouse - ok
13:37:52.0571 4112 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:37:52.0573 4112 SessionEnv - ok
13:37:52.0577 4112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:37:52.0577 4112 sffdisk - ok
13:37:52.0580 4112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:37:52.0581 4112 sffp_mmc - ok
13:37:52.0583 4112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:37:52.0584 4112 sffp_sd - ok
13:37:52.0595 4112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:37:52.0595 4112 sfloppy - ok
13:37:52.0674 4112 SftService (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
13:37:52.0688 4112 SftService - ok
13:37:52.0785 4112 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:37:52.0788 4112 SharedAccess - ok
13:37:52.0811 4112 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:37:52.0823 4112 ShellHWDetection - ok
13:37:52.0829 4112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:37:52.0830 4112 SiSRaid2 - ok
13:37:52.0843 4112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:37:52.0844 4112 SiSRaid4 - ok
13:37:52.0912 4112 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:37:52.0914 4112 SkypeUpdate - ok
13:37:52.0932 4112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:37:52.0934 4112 Smb - ok
13:37:52.0947 4112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:37:52.0949 4112 SNMPTRAP - ok
13:37:52.0958 4112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:37:52.0959 4112 spldr - ok
13:37:52.0987 4112 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:37:52.0991 4112 Spooler - ok
13:37:53.0106 4112 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:37:53.0122 4112 sppsvc - ok
13:37:53.0146 4112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:37:53.0148 4112 sppuinotify - ok
13:37:53.0177 4112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:37:53.0185 4112 srv - ok
13:37:53.0212 4112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:37:53.0223 4112 srv2 - ok
13:37:53.0235 4112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:37:53.0236 4112 srvnet - ok
13:37:53.0282 4112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:37:53.0285 4112 SSDPSRV - ok
13:37:53.0290 4112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:37:53.0292 4112 SstpSvc - ok
13:37:53.0306 4112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:37:53.0307 4112 stexstor - ok
13:37:53.0365 4112 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:37:53.0379 4112 stisvc - ok
13:37:53.0436 4112 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
13:37:53.0457 4112 stllssvr - ok
13:37:53.0466 4112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:37:53.0466 4112 swenum - ok
13:37:53.0501 4112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:37:53.0509 4112 swprv - ok
13:37:53.0583 4112 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:37:53.0600 4112 SysMain - ok
13:37:53.0678 4112 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:37:53.0680 4112 TabletInputService - ok
13:37:53.0706 4112 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:37:53.0711 4112 TapiSrv - ok
13:37:53.0729 4112 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:37:53.0731 4112 TBS - ok
13:37:53.0842 4112 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
13:37:53.0858 4112 Tcpip - ok
13:37:53.0982 4112 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
13:37:53.0990 4112 TCPIP6 - ok
13:37:54.0025 4112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:37:54.0026 4112 tcpipreg - ok
13:37:54.0038 4112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:37:54.0039 4112 TDPIPE - ok
13:37:54.0058 4112 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:37:54.0059 4112 TDTCP - ok
13:37:54.0078 4112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:37:54.0080 4112 tdx - ok
13:37:54.0092 4112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:37:54.0093 4112 TermDD - ok
13:37:54.0128 4112 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:37:54.0140 4112 TermService - ok
13:37:54.0150 4112 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:37:54.0152 4112 Themes - ok
13:37:54.0173 4112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:37:54.0174 4112 THREADORDER - ok
13:37:54.0185 4112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:37:54.0187 4112 TrkWks - ok
13:37:54.0223 4112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:37:54.0225 4112 TrustedInstaller - ok
13:37:54.0230 4112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:37:54.0231 4112 tssecsrv - ok
13:37:54.0235 4112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:37:54.0236 4112 TsUsbFlt - ok
13:37:54.0258 4112 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:37:54.0316 4112 TsUsbGD - ok
13:37:54.0347 4112 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:37:54.0349 4112 tunnel - ok
13:37:54.0353 4112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:37:54.0354 4112 uagp35 - ok
13:37:54.0367 4112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:37:54.0370 4112 udfs - ok
13:37:54.0384 4112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:37:54.0386 4112 UI0Detect - ok
13:37:54.0390 4112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:37:54.0391 4112 uliagpkx - ok
13:37:54.0401 4112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:37:54.0402 4112 umbus - ok
13:37:54.0405 4112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:37:54.0405 4112 UmPass - ok
13:37:54.0444 4112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:37:54.0458 4112 upnphost - ok
13:37:54.0480 4112 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:37:54.0482 4112 usbaudio - ok
13:37:54.0488 4112 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys
13:37:54.0489 4112 usbccgp - ok
13:37:54.0505 4112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:37:54.0507 4112 usbcir - ok
13:37:54.0511 4112 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:37:54.0512 4112 usbehci - ok
13:37:54.0524 4112 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:37:54.0528 4112 usbhub - ok
13:37:54.0531 4112 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
13:37:54.0532 4112 usbohci - ok
13:37:54.0535 4112 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:37:54.0536 4112 usbprint - ok
13:37:54.0541 4112 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:37:54.0542 4112 USBSTOR - ok
13:37:54.0545 4112 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:37:54.0546 4112 usbuhci - ok
13:37:54.0564 4112 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:37:54.0566 4112 usbvideo - ok
13:37:54.0577 4112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:37:54.0578 4112 UxSms - ok
13:37:54.0606 4112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:37:54.0607 4112 VaultSvc - ok
13:37:54.0611 4112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:37:54.0611 4112 vdrvroot - ok
13:37:54.0649 4112 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:37:54.0657 4112 vds - ok
13:37:54.0670 4112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:37:54.0671 4112 vga - ok
13:37:54.0674 4112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:37:54.0675 4112 VgaSave - ok
13:37:54.0684 4112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:37:54.0687 4112 vhdmp - ok
13:37:54.0690 4112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:37:54.0691 4112 viaide - ok
13:37:54.0698 4112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:37:54.0699 4112 volmgr - ok
13:37:54.0724 4112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:37:54.0728 4112 volmgrx - ok
13:37:54.0739 4112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:37:54.0742 4112 volsnap - ok
13:37:54.0749 4112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:37:54.0751 4112 vsmraid - ok
13:37:54.0819 4112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:37:54.0834 4112 VSS - ok
13:37:54.0901 4112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:37:54.0902 4112 vwifibus - ok
13:37:54.0926 4112 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:37:54.0927 4112 vwififlt - ok
13:37:54.0952 4112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:37:54.0964 4112 W32Time - ok
13:37:54.0975 4112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:37:54.0976 4112 WacomPen - ok
13:37:54.0990 4112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:54.0991 4112 WANARP - ok
13:37:55.0000 4112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:37:55.0000 4112 Wanarpv6 - ok
13:37:55.0086 4112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:37:55.0098 4112 WatAdminSvc - ok
13:37:55.0158 4112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:37:55.0172 4112 wbengine - ok
13:37:55.0247 4112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:37:55.0250 4112 WbioSrvc - ok
13:37:55.0265 4112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:37:55.0269 4112 wcncsvc - ok
13:37:55.0282 4112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:37:55.0284 4112 WcsPlugInService - ok
13:37:55.0294 4112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:37:55.0295 4112 Wd - ok
13:37:55.0331 4112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:37:55.0344 4112 Wdf01000 - ok
13:37:55.0352 4112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:37:55.0355 4112 WdiServiceHost - ok
13:37:55.0357 4112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:37:55.0358 4112 WdiSystemHost - ok
13:37:55.0377 4112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:37:55.0381 4112 WebClient - ok
13:37:55.0400 4112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:37:55.0403 4112 Wecsvc - ok
13:37:55.0409 4112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:37:55.0411 4112 wercplsupport - ok
13:37:55.0428 4112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:37:55.0430 4112 WerSvc - ok
13:37:55.0449 4112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:37:55.0450 4112 WfpLwf - ok
13:37:55.0475 4112 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys
13:37:55.0477 4112 WimFltr - ok
13:37:55.0490 4112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:37:55.0491 4112 WIMMount - ok
13:37:55.0535 4112 WinDefend - ok
13:37:55.0539 4112 WinHttpAutoProxySvc - ok
13:37:55.0581 4112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:37:55.0584 4112 Winmgmt - ok
13:37:55.0662 4112 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:37:55.0681 4112 WinRM - ok
13:37:55.0781 4112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:37:55.0795 4112 Wlansvc - ok
13:37:55.0826 4112 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:37:55.0827 4112 wlcrasvc - ok
13:37:55.0947 4112 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:37:55.0983 4112 wlidsvc - ok
13:37:56.0024 4112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:37:56.0025 4112 WmiAcpi - ok
13:37:56.0045 4112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:37:56.0047 4112 wmiApSrv - ok
13:37:56.0104 4112 WMPNetworkSvc - ok
13:37:56.0121 4112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:37:56.0123 4112 WPCSvc - ok
13:37:56.0137 4112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:37:56.0140 4112 WPDBusEnum - ok
13:37:56.0143 4112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:37:56.0144 4112 ws2ifsl - ok
13:37:56.0155 4112 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:37:56.0157 4112 wscsvc - ok
13:37:56.0160 4112 WSearch - ok
13:37:56.0296 4112 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
13:37:56.0319 4112 wuauserv - ok
13:37:56.0404 4112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:37:56.0406 4112 WudfPf - ok
13:37:56.0435 4112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:37:56.0437 4112 WUDFRd - ok
13:37:56.0442 4112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:37:56.0444 4112 wudfsvc - ok
13:37:56.0454 4112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:37:56.0457 4112 WwanSvc - ok
13:37:56.0477 4112 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:37:56.0529 4112 \Device\Harddisk0\DR0 - ok
13:37:56.0530 4112 Boot (0x1200) (8a2bec3719b9ae9b05157ed9c5bdf99b) \Device\Harddisk0\DR0\Partition0
13:37:56.0532 4112 \Device\Harddisk0\DR0\Partition0 - ok
13:37:56.0545 4112 Boot (0x1200) (a1022ad13d9b893eee6a5f1774c0b9c8) \Device\Harddisk0\DR0\Partition1
13:37:56.0546 4112 \Device\Harddisk0\DR0\Partition1 - ok
13:37:56.0547 4112 ============================================================
13:37:56.0547 4112 Scan finished
13:37:56.0547 4112 ============================================================
13:37:56.0553 3352 Detected object count: 0
13:37:56.0553 3352 Actual detected object count: 0
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am

Re: Suspected Malware

Unread postby unknowndemon808 » May 7th, 2012, 7:45 pm

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kevin (administrator) on 07-05-2012 at 13:43:02
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================



========================= IP Configuration: ================================

Broadcom NetLink (TM) Gigabit Ethernet = Local Area Connection (Connected)
DW1525 (802.11n) WLAN PCIe Card = Wireless Network Connection (Hardware not present)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Kevin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet
Physical Address. . . . . . . . . : 84-2B-2B-99-CD-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::654a:3283:27d0:a44d%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.11.2.16(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Sunday, May 06, 2012 5:12:32 PM
Lease Expires . . . . . . . . . . : Saturday, May 12, 2012 1:35:08 PM
Default Gateway . . . . . . . . . : fe80::742d:950e:6aca:ea18%11
10.11.1.1
DHCP Server . . . . . . . . . . . : 10.11.1.1
DHCPv6 IAID . . . . . . . . . . . : 243542827
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-D6-15-D4-84-2B-2B-99-CD-1F
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{CE8D4A10-FC95-4B2B-815E-091BDD31B4BF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24d7:3a13:bfb4:481d(Preferred)
Link-local IPv6 Address . . . . . : fe80::24d7:3a13:bfb4:481d%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: google-public-dns-a.google.com
Address: 8.8.8.8

DNS request timed out.
timeout was 2 seconds.
Name: google.com
Addresses: 74.125.224.35
74.125.224.41
74.125.224.38
74.125.224.37
74.125.224.34
74.125.224.46
74.125.224.33
74.125.224.32
74.125.224.36
74.125.224.39
74.125.224.40


Pinging google.com [74.125.224.38] with 32 bytes of data:
Reply from 74.125.224.38: bytes=32 time=62ms TTL=55
Reply from 74.125.224.38: bytes=32 time=63ms TTL=55

Ping statistics for 74.125.224.38:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 62ms, Maximum = 63ms, Average = 62ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
209.191.122.70


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=153ms TTL=53
Reply from 98.139.183.24: bytes=32 time=188ms TTL=53

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 153ms, Maximum = 188ms, Average = 170ms
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...84 2b 2b 99 cd 1f ......Broadcom NetLink (TM) Gigabit Ethernet
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.11.1.1 10.11.2.16 20
10.11.0.0 255.255.252.0 On-link 10.11.2.16 276
10.11.2.16 255.255.255.255 On-link 10.11.2.16 276
10.11.3.255 255.255.255.255 On-link 10.11.2.16 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.11.2.16 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.11.2.16 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
11 276 ::/0 fe80::742d:950e:6aca:ea18
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:4137:9e76:24d7:3a13:bfb4:481d/128
On-link
11 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::24d7:3a13:bfb4:481d/128
On-link
11 276 fe80::654a:3283:27d0:a44d/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Devices: ================================

Name: DW1525 (802.11n) WLAN PCIe Card
Description: DW1525 (802.11n) WLAN PCIe Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


**** End of log ****
unknowndemon808
Active Member
 
Posts: 10
Joined: May 3rd, 2012, 6:40 am

Re: Suspected Malware

Unread postby torreattack » May 8th, 2012, 5:54 pm

Hi unknowndemon808:

I saw you game: League of Legends had cause a few errors in the previous logs. I hope you don't mind to uninstall it temporary to see whether it is the causes of your problem.

1. remove program
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
  • Click start>> Control Panel >> Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    League of Legends
    Pando Media Booster
  • Select the program above and click on Uninstall to uninstall it.
NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


RESTART your computer now.


2. Your Java is out of date.

It can be updated by the Java control panel
  • click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Just follow the prompts.



3. ESET online scannner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on Run ESET Online Scanner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



4. re-scan with OTL
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop. Disable you antivirus if needed.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of OTL.txt ONLY in your next reply.



5. Checklist
Please post:
  • Eset online scanning result
  • OTL.txt
  • An update on your problems
note: These logs can be lengthy, please post in several replies if needed. Please ensure you post COMPLETE log.

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected Malware

Unread postby torreattack » May 10th, 2012, 5:43 pm

Hi unknowndemon808

3 Day Response Rule
It has been 2 days since my last post to you.
  • Do you still need help with this problem?
  • Do you need more time?
  • Are you having problems understanding or following my instructions?
Just let me know what's going on otherwise...
After 24 hrs., if you have not replied to this thread... it will be closed!

Thanks,
torreattack
torreattack
Retired Graduate
 
Posts: 940
Joined: July 27th, 2008, 1:36 am

Re: Suspected Malware

Unread postby Cypher » May 12th, 2012, 5:21 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 296 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware