
Flyte75

  1. The most obvious continuing problem is with Internet Explorer. Some pages won't load, others load in a strange format. Actions take a long time to complete.
  2. ESETSmartInstaller@High as CAB hook log:

     OnlineScanner64.ocx - registred OK
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=88d6f9ab4e561b45995ea47d426dc8c8
     # end=stopped
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-08-14 09:49:48
     # local_time=2012-08-14 05:49:48 (+0800, Ulaanbaatar Standard Time)
     # country="United Kingdom"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5121 16777213 100 75 4892907 10184456 0 0
     # compatibility_mode=5893 16776573 100 94 0 96567210 0 0
     # compatibility_mode=8192 67108863 100 0 234 234 0 0
     # scanned=13148
     # found=8
     # cleaned=0
     # scan_time=427
     C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEIPlug.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEZSETP.dll Win32/Toolbar.MyWebSearch.Q application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\NP3kEISb.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
     # OnlineScanner.ocx=1.0.0.6583
     # api_version=3.0.2
     # EOSSerial=88d6f9ab4e561b45995ea47d426dc8c8
     # end=finished
     # remove_checked=false
     # archives_checked=false
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2012-08-14 10:44:11
     # local_time=2012-08-14 06:44:11 (+0800, Ulaanbaatar Standard Time)
     # country="United Kingdom"
     # lang=1033
     # osver=6.1.7601 NT Service Pack 1
     # compatibility_mode=5121 16777213 100 75 4893557 10185106 0 0
     # compatibility_mode=5893 16776573 100 94 0 96567860 0 0
     # compatibility_mode=8192 67108863 100 0 884 884 0 0
     # scanned=180127
     # found=6
     # cleaned=0
     # scan_time=3040
     C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEIPlug.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\3kEZSETP.dll Win32/Toolbar.MyWebSearch.Q application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\CrazyForCricket_3kEI\Installr\1.bin\NP3kEISb.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
     C:\Program Files (x86)\ExpressFiles\uninstall.exe a variant of Win32/ExpressFiles application (unable to clean) 00000000000000000000000000000000 I
     C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
     C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
  3. And the MBAM log:

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.12.06

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Seb :: SEB-PC [administrator]

     14/08/2012 16:02:27
     mbam-log-2012-08-14 (16-02-27).txt

     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 351497
     Time elapsed: 52 minute(s), 16 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  4. Combo fix below. MBAM to follow in about one hour 20 mins. Scan takes quite a long time. ComboFix 12-08-13.01 - Seb 14/08/2012 15:38:11.6.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2514 [GMT 8:00] Running from: c:\users\Seb\Desktop\ComboFix.exe Command switches used :: c:\users\Seb\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-14 07:42 . 2012-08-14 07:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-10 20:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{991F70E0-FF6B-4E7A-B289-1B8CCCB0DB07}\mpengine.dll 2012-07-26 04:41 . 2012-07-26 04:41 -------- dc----w- c:\program files (x86)\BBC iPlayer Desktop . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 00:31 . 2012-05-18 07:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-04 00:31 . 2011-05-21 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 19:02 . 2010-03-22 11:26 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 05:46 . 2012-06-19 11:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 02:42 . 2012-06-27 02:43 4446520 ----a-w- c:\windows\uninst.exe 2012-06-22 06:49 . 2012-06-22 06:49 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-06-20 04:14 . 
2010-04-14 05:22 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-20 03:48 . 2010-05-19 16:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-19 05:20 . 2010-05-02 22:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-19 04:39 . 2010-05-20 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-12 03:08 . 2012-07-11 19:07 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 04:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 04:53 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 04:52 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 04:47 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 04:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 04:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 04:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-05 03:32 . 2010-04-14 05:13 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-02 22:19 . 2012-06-22 02:35 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 02:35 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 12:49 . 
2012-07-11 19:01 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-11 19:01 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-11 19:01 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-11 19:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-11 19:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-11 19:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-11 19:01 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-11 19:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-11 19:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-11 19:01 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-11 19:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-11 19:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-11 19:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-11 19:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-11 19:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-11 19:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-11 19:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 07:19 . 2012-06-22 02:34 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 07:15 . 2012-06-22 02:34 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 04:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 04:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 
2012-07-11 04:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 04:52 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 04:52 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 04:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 04:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 04:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 04:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 04:25 . 2011-05-15 02:15 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-29 18:04 . 2010-05-01 21:43 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-14_01.21.53 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-03 03:13 . 2012-08-14 07:46 85176 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-14 07:46 34094 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-03-11 06:50 . 2012-08-14 07:46 20522 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1064479489-466832259-691007306-1000_UserData.bin + 2010-03-10 18:05 . 2012-08-14 06:59 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-10 18:05 . 2012-08-14 06:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 
2012-08-13 15:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-14 06:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-14 07:43 . 2012-08-14 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-14 07:43 . 2012-08-14 07:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-08-14 01:04 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-14 07:42 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-07-07 00:14 . 2012-08-14 07:42 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat - 2011-07-07 00:14 . 2012-08-14 01:04 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Facebook Update"="c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "openvpn-gui"="c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2010-07-01 300032] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-06-22 476824] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "FAStartup"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184] . 
c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192] Facebook Messenger.lnk - c:\users\Seb\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2011-04-23 14:17 147640 -c--a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:31] . 2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job - c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52] . 2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job - c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45] . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job - c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job - c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 
2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bbc.co.uk/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\ExpressFiles\EFupdater.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe . ************************************************************************** . Completion time: 2012-08-14 15:51:41 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-14 07:51 ComboFix2.txt 2012-08-14 07:06 ComboFix3.txt 2012-08-14 03:19 ComboFix4.txt 2012-08-14 02:57 ComboFix5.txt 2012-08-14 07:36 . Pre-Run: 16,303,022,080 bytes free Post-Run: 16,302,739,456 bytes free . - - End Of File - - 3510AC9A7DD806E1F25D2A27ADE27053
  5. Results of screen317's Security Check version 0.99.43
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     McAfee Anti-Virus and Anti-Spyware
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.61.0.1400
     Java 6 Update 31
     Java version out of Date!
     Adobe Reader 9 Adobe Reader out of Date!
     Google Chrome 21.0.1180.75
     Google Chrome 21.0.1180.77
     Google Chrome VisualElementsManifest.xml..
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  6. ComboFix 12-08-10.02 - Seb 14/08/2012 14:53:52.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2664 [GMT 8:00] Running from: c:\users\Seb\Desktop\ComboFix.exe Command switches used :: c:\users\Seb\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Seb\AppData\Local\fxjagetq c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe c:\windows\SysWow64\DEBUG.log . . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-10 20:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{991F70E0-FF6B-4E7A-B289-1B8CCCB0DB07}\mpengine.dll 2012-07-26 04:41 . 2012-07-26 04:41 -------- dc----w- c:\program files (x86)\BBC iPlayer Desktop . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-04 00:31 . 2012-05-18 07:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-04 00:31 . 2011-05-21 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 19:02 . 2010-03-22 11:26 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 05:46 . 2012-06-19 11:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-27 02:42 . 2012-06-27 02:43 4446520 ----a-w- c:\windows\uninst.exe 2012-06-22 06:49 . 
2012-06-22 06:49 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-06-20 04:14 . 2010-04-14 05:22 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-06-20 03:48 . 2010-05-19 16:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-06-19 05:20 . 2010-05-02 22:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-06-19 04:39 . 2010-05-20 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-06-12 03:08 . 2012-07-11 19:07 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 04:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 04:53 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 04:52 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 04:47 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 04:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 04:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 04:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-05 03:32 . 2010-04-14 05:13 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-06-02 22:19 . 2012-06-22 02:35 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 02:35 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 12:49 . 
2012-07-11 19:01 17807360 ----a-w- c:\windows\system32\mshtml.dll 2012-06-02 12:17 . 2012-07-11 19:01 10924032 ----a-w- c:\windows\system32\ieframe.dll 2012-06-02 12:12 . 2012-07-11 19:01 2311680 ----a-w- c:\windows\system32\jscript9.dll 2012-06-02 12:05 . 2012-07-11 19:01 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-06-02 12:05 . 2012-07-11 19:01 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-06-02 12:04 . 2012-07-11 19:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-06-02 12:04 . 2012-07-11 19:01 237056 ----a-w- c:\windows\system32\url.dll 2012-06-02 12:03 . 2012-07-11 19:01 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-06-02 12:01 . 2012-07-11 19:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-06-02 12:00 . 2012-07-11 19:01 818688 ----a-w- c:\windows\system32\jscript.dll 2012-06-02 11:59 . 2012-07-11 19:01 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-06-02 11:57 . 2012-07-11 19:01 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-06-02 11:57 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-06-02 11:54 . 2012-07-11 19:01 248320 ----a-w- c:\windows\system32\ieui.dll 2012-06-02 08:33 . 2012-07-11 19:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-06-02 08:25 . 2012-07-11 19:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-06-02 08:25 . 2012-07-11 19:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-06-02 08:20 . 2012-07-11 19:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-06-02 08:16 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-06-02 07:19 . 2012-06-22 02:34 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 07:15 . 2012-06-22 02:34 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:50 . 2012-07-11 04:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 04:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:48 . 
2012-07-11 04:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:45 . 2012-07-11 04:52 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 04:52 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 04:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 04:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 04:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 04:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 04:25 . 2011-05-15 02:15 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-29 18:04 . 2010-05-01 21:43 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-14_01.21.53 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-03 03:13 . 2012-08-14 07:01 85160 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-14 07:01 34086 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-03-11 06:50 . 2012-08-14 03:04 20380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1064479489-466832259-691007306-1000_UserData.bin + 2010-03-10 18:05 . 2012-08-14 06:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-03-10 18:05 . 2012-08-14 06:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 
2012-08-13 15:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-14 06:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-14 06:59 . 2012-08-14 06:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-08-14 06:59 . 2012-08-14 06:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-08-14 01:04 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-14 06:58 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-07-07 00:14 . 2012-08-14 06:58 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat - 2011-07-07 00:14 . 2012-08-14 01:04 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "Facebook Update"="c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392] "NebMqedh"="c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe" [bU] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "openvpn-gui"="c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2010-07-01 300032] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-06-22 476824] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "FAStartup"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184] . 
c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192] Facebook Messenger.lnk - c:\users\Seb\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2011-04-23 14:17 147640 -c--a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:31] . 2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job - c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52] . 2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job - c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45] . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job - c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job - c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 
2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bbc.co.uk/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file) URLSearchHooks-{656461ef-40f6-4115-9ff1-bced9812ccbb} - (no file) Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-BitTorrent - c:\program files (x86)\BitTorrent\BitTorrent.exe WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file) . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe c:\program files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe . ************************************************************************** . Completion time: 2012-08-14 15:06:43 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-14 07:06 ComboFix2.txt 2012-08-14 03:19 ComboFix3.txt 2012-08-14 02:57 ComboFix4.txt 2012-08-14 02:21 ComboFix5.txt 2012-08-14 06:53 . Pre-Run: 16,424,374,272 bytes free Post-Run: 16,425,177,088 bytes free . - - End Of File - - FD57B9099A76297F19B56FE36F864DF1
  7. Thanks. I will read and do the above. I have in the meantime restarted my laptop and run a full scan. This shows that the problem is still there. Vendor is Hijack.Userinit. Category is Registry Data. Item is HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit. Other is Bad: (C:\Windows\system32\userinit.exe,,C:\Users\Seb\AppData\Local\fxjagetq\nebmqedh.exe) Good: (userinit.exe).
  8. That scan has come up clean. Is there anything else that I can do to ensure that the problem has been completely resolved? Many thanks.
  9. I ran the programs in safe mode but was unable to connect to the Internet to send the above logs. However, after having run in safe mode, I was able to access McAfee in normal mode and so run from there. I am not quite sure if it has worked and am running the full Malwarebytes scan now.
  10. 11:20:05.0259 2140 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 11:20:06.0135 2140 ============================================================ 11:20:06.0135 2140 Current date / time: 2012/08/14 11:20:06.0135 11:20:06.0135 2140 SystemInfo: 11:20:06.0135 2140 11:20:06.0135 2140 OS Version: 6.1.7601 ServicePack: 1.0 11:20:06.0135 2140 Product type: Workstation 11:20:06.0136 2140 ComputerName: SEB-PC 11:20:06.0136 2140 UserName: Seb 11:20:06.0136 2140 Windows directory: C:\Windows 11:20:06.0136 2140 System windows directory: C:\Windows 11:20:06.0136 2140 Running under WOW64 11:20:06.0136 2140 Processor architecture: Intel x64 11:20:06.0136 2140 Number of processors: 4 11:20:06.0136 2140 Page size: 0x1000 11:20:06.0136 2140 Boot type: Normal boot 11:20:06.0136 2140 ============================================================ 11:20:07.0170 2140 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:20:07.0175 2140 ============================================================ 11:20:07.0175 2140 \Device\Harddisk0\DR0: 11:20:07.0175 2140 MBR partitions: 11:20:07.0175 2140 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000 11:20:07.0175 2140 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x38625E6B 11:20:07.0175 2140 ============================================================ 11:20:07.0212 2140 C: <-> \Device\Harddisk0\DR0\Partition1 11:20:07.0212 2140 ============================================================ 11:20:07.0212 2140 Initialize success 11:20:07.0212 2140 ============================================================ 11:20:11.0113 3192 ============================================================ 11:20:11.0113 3192 Scan started 11:20:11.0113 3192 Mode: Manual; 11:20:11.0113 3192 ============================================================
clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:20:17.0941 3192 clr_optimization_v4.0.30319_32 - ok 11:20:18.0001 3192 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:20:18.0014 3192 clr_optimization_v4.0.30319_64 - ok 11:20:18.0040 3192 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 11:20:18.0042 3192 CmBatt - ok 11:20:18.0079 3192 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 11:20:18.0081 3192 cmdide - ok 11:20:18.0152 3192 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 11:20:18.0158 3192 CNG - ok 11:20:18.0199 3192 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 11:20:18.0200 3192 Compbatt - ok 11:20:18.0241 3192 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 11:20:18.0243 3192 CompositeBus - ok 11:20:18.0259 3192 COMSysApp - ok 11:20:18.0281 3192 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 11:20:18.0283 3192 crcdisk - ok 11:20:18.0334 3192 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 11:20:18.0337 3192 CryptSvc - ok 11:20:18.0380 3192 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys 11:20:18.0391 3192 CtClsFlt - ok 11:20:18.0470 3192 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:20:18.0478 3192 DcomLaunch - ok 11:20:18.0697 3192 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 11:20:18.0703 3192 defragsvc - ok 11:20:18.0899 3192 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 11:20:18.0904 3192 DfsC - ok 11:20:18.0977 3192 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 11:20:18.0991 3192 Dhcp - ok 
11:20:19.0018 3192 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 11:20:19.0020 3192 discache - ok 11:20:19.0061 3192 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 11:20:19.0067 3192 Disk - ok 11:20:19.0118 3192 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 11:20:19.0129 3192 Dnscache - ok 11:20:19.0226 3192 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe 11:20:19.0228 3192 DockLoginService - ok 11:20:19.0280 3192 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 11:20:19.0298 3192 dot3svc - ok 11:20:19.0341 3192 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 11:20:19.0353 3192 DPS - ok 11:20:19.0385 3192 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 11:20:19.0387 3192 drmkaud - ok 11:20:19.0496 3192 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 11:20:19.0520 3192 DXGKrnl - ok 11:20:19.0561 3192 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 11:20:19.0576 3192 EapHost - ok 11:20:19.0781 3192 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 11:20:19.0853 3192 ebdrv - ok 11:20:19.0968 3192 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 11:20:19.0970 3192 EFS - ok 11:20:20.0097 3192 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 11:20:20.0112 3192 ehRecvr - ok 11:20:20.0146 3192 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 11:20:20.0161 3192 ehSched - ok 11:20:20.0262 3192 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 11:20:20.0273 3192 elxstor - ok 11:20:20.0345 3192 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE 11:20:20.0348 3192 EPSON_EB_RPCV4_01 - ok 11:20:20.0371 3192 
EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 11:20:20.0372 3192 EPSON_PM_RPCV4_01 - ok 11:20:20.0396 3192 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 11:20:20.0397 3192 ErrDev - ok 11:20:20.0472 3192 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 11:20:20.0478 3192 EventSystem - ok 11:20:20.0534 3192 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 11:20:20.0544 3192 exfat - ok 11:20:20.0597 3192 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys 11:20:20.0605 3192 FACAP - ok 11:20:20.0870 3192 FAService (2b85d60e470acf871e4ef0db02e26861) C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe 11:20:20.0881 3192 FAService - ok 11:20:21.0012 3192 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 11:20:21.0022 3192 fastfat - ok 11:20:21.0117 3192 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 11:20:21.0133 3192 Fax - ok 11:20:21.0151 3192 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 11:20:21.0152 3192 fdc - ok 11:20:21.0187 3192 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 11:20:21.0189 3192 fdPHost - ok 11:20:21.0200 3192 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 11:20:21.0202 3192 FDResPub - ok 11:20:21.0229 3192 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 11:20:21.0231 3192 FileInfo - ok 11:20:21.0244 3192 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 11:20:21.0246 3192 Filetrace - ok 11:20:21.0263 3192 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 11:20:21.0264 3192 flpydisk - ok 11:20:21.0321 3192 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 11:20:21.0337 3192 FltMgr - ok 
11:20:21.0460 3192 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 11:20:21.0485 3192 FontCache - ok 11:20:21.0563 3192 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:20:21.0565 3192 FontCache3.0.0.0 - ok 11:20:21.0610 3192 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 11:20:21.0612 3192 FsDepends - ok 11:20:21.0628 3192 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 11:20:21.0629 3192 Fs_Rec - ok 11:20:21.0684 3192 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 11:20:21.0692 3192 fvevol - ok 11:20:21.0720 3192 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 11:20:21.0722 3192 gagp30kx - ok 11:20:21.0764 3192 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 11:20:21.0766 3192 GEARAspiWDM - ok 11:20:21.0878 3192 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 11:20:21.0899 3192 gpsvc - ok 11:20:22.0036 3192 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:20:22.0040 3192 gupdate - ok 11:20:22.0067 3192 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 11:20:22.0069 3192 gupdatem - ok 11:20:22.0127 3192 gusvc (5d4bc124faae6730ac002cdb67bf1a1c) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 11:20:22.0130 3192 gusvc - ok 11:20:22.0177 3192 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 11:20:22.0178 3192 hcw85cir - ok 11:20:22.0232 3192 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 11:20:22.0247 3192 HDAudBus - ok 11:20:22.0268 3192 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 11:20:22.0269 3192 HidBatt - ok 
11:20:22.0290 3192 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 11:20:22.0296 3192 HidBth - ok 11:20:22.0327 3192 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 11:20:22.0329 3192 HidIr - ok 11:20:22.0353 3192 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 11:20:22.0355 3192 hidserv - ok 11:20:22.0410 3192 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 11:20:22.0411 3192 HidUsb - ok 11:20:22.0455 3192 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 11:20:22.0472 3192 hkmsvc - ok 11:20:22.0522 3192 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 11:20:22.0530 3192 HomeGroupListener - ok 11:20:22.0575 3192 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 11:20:22.0585 3192 HomeGroupProvider - ok 11:20:22.0624 3192 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 11:20:22.0631 3192 HpSAMD - ok 11:20:22.0733 3192 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 11:20:22.0754 3192 HTTP - ok 11:20:22.0782 3192 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 11:20:22.0784 3192 hwpolicy - ok 11:20:22.0845 3192 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 11:20:22.0859 3192 i8042prt - ok 11:20:22.0933 3192 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 11:20:22.0951 3192 iaStorV - ok 11:20:23.0089 3192 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:20:23.0102 3192 idsvc - ok 11:20:23.0137 3192 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 11:20:23.0138 3192 iirsp - ok 11:20:23.0217 3192 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 
11:20:23.0232 3192 IKEEXT - ok 11:20:23.0267 3192 Impcd (4ff8a2082d78255d2eb169f986bcc981) C:\Windows\system32\DRIVERS\Impcd.sys 11:20:23.0280 3192 Impcd - ok 11:20:23.0325 3192 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 11:20:23.0326 3192 intelide - ok 11:20:23.0347 3192 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 11:20:23.0350 3192 intelppm - ok 11:20:23.0404 3192 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 11:20:23.0421 3192 IPBusEnum - ok 11:20:23.0484 3192 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:20:23.0486 3192 IpFilterDriver - ok 11:20:23.0566 3192 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 11:20:23.0575 3192 iphlpsvc - ok 11:20:23.0615 3192 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 11:20:23.0621 3192 IPMIDRV - ok 11:20:23.0656 3192 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 11:20:23.0671 3192 IPNAT - ok 11:20:23.0815 3192 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe 11:20:23.0844 3192 iPod Service - ok 11:20:23.0873 3192 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 11:20:23.0874 3192 IRENUM - ok 11:20:24.0049 3192 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 11:20:24.0051 3192 isapnp - ok 11:20:24.0207 3192 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 11:20:24.0226 3192 iScsiPrt - ok 11:20:24.0258 3192 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys 11:20:24.0260 3192 itecir - ok 11:20:24.0319 3192 k57nd60a (08dd34f74d65e1c8f238565570952630) C:\Windows\system32\DRIVERS\k57nd60a.sys 11:20:24.0333 3192 k57nd60a - ok 11:20:24.0372 3192 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) 
C:\Windows\system32\drivers\kbdclass.sys 11:20:24.0373 3192 kbdclass - ok 11:20:24.0416 3192 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 11:20:24.0417 3192 kbdhid - ok 11:20:24.0445 3192 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:20:24.0448 3192 KeyIso - ok 11:20:24.0483 3192 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 11:20:24.0485 3192 KSecDD - ok 11:20:24.0510 3192 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 11:20:24.0512 3192 KSecPkg - ok 11:20:24.0535 3192 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 11:20:24.0536 3192 ksthunk - ok 11:20:24.0591 3192 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 11:20:24.0602 3192 KtmRm - ok 11:20:24.0673 3192 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 11:20:24.0681 3192 LanmanServer - ok 11:20:24.0740 3192 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 11:20:24.0755 3192 LanmanWorkstation - ok 11:20:24.0787 3192 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 11:20:24.0788 3192 lltdio - ok 11:20:24.0838 3192 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 11:20:24.0853 3192 lltdsvc - ok 11:20:24.0880 3192 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 11:20:24.0882 3192 lmhosts - ok 11:20:24.0920 3192 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 11:20:24.0923 3192 LSI_FC - ok 11:20:24.0962 3192 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 11:20:24.0977 3192 LSI_SAS - ok 11:20:25.0007 3192 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:20:25.0009 3192 LSI_SAS2 - ok 11:20:25.0032 3192 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:20:25.0046 3192 LSI_SCSI - ok 11:20:25.0067 3192 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 11:20:25.0073 3192 luafv - ok 11:20:25.0215 3192 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 11:20:25.0243 3192 McMPFSvc - ok 11:20:25.0250 3192 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 11:20:25.0253 3192 mcmscsvc - ok 11:20:25.0260 3192 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 11:20:25.0264 3192 McNaiAnn - ok 11:20:25.0292 3192 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 11:20:25.0294 3192 McNASvc - ok 11:20:25.0390 3192 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\McAfee\VirusScan\mcods.exe 11:20:25.0404 3192 McODS - ok 11:20:25.0410 3192 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 11:20:25.0413 3192 McProxy - ok 11:20:25.0485 3192 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 11:20:25.0497 3192 McShield - ok 11:20:25.0532 3192 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 11:20:25.0535 3192 Mcx2Svc - ok 11:20:25.0557 3192 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 11:20:25.0558 3192 megasas - ok 11:20:25.0596 3192 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 11:20:25.0613 3192 MegaSR - ok 11:20:25.0646 3192 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys 11:20:25.0659 3192 mfeapfk - ok 11:20:25.0693 3192 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys 11:20:25.0701 3192 mfeavfk - ok 11:20:25.0724 3192 mfeavfk01 - ok 11:20:25.0765 3192 mfefire 
(b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 11:20:25.0775 3192 mfefire - ok 11:20:25.0841 3192 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys 11:20:25.0857 3192 mfefirek - ok 11:20:25.0952 3192 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys 11:20:25.0988 3192 mfehidk - ok 11:20:26.0043 3192 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys 11:20:26.0046 3192 mfenlfk - ok 11:20:26.0080 3192 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys 11:20:26.0096 3192 mferkdet - ok 11:20:26.0132 3192 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe 11:20:26.0145 3192 mfevtp - ok 11:20:26.0202 3192 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys 11:20:26.0217 3192 mfewfpk - ok 11:20:26.0252 3192 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:20:26.0255 3192 MMCSS - ok 11:20:26.0282 3192 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 11:20:26.0284 3192 Modem - ok 11:20:26.0310 3192 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 11:20:26.0312 3192 monitor - ok 11:20:26.0348 3192 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 11:20:26.0350 3192 mouclass - ok 11:20:26.0380 3192 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 11:20:26.0381 3192 mouhid - ok 11:20:26.0417 3192 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 11:20:26.0422 3192 mountmgr - ok 11:20:26.0457 3192 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 11:20:26.0470 3192 mpio - ok 11:20:26.0495 3192 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 11:20:26.0498 3192 mpsdrv - ok 11:20:26.0586 3192 MpsSvc 
(54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 11:20:26.0602 3192 MpsSvc - ok 11:20:26.0647 3192 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 11:20:26.0662 3192 MRxDAV - ok 11:20:26.0702 3192 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:20:26.0714 3192 mrxsmb - ok 11:20:26.0771 3192 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:20:26.0787 3192 mrxsmb10 - ok 11:20:26.0808 3192 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:20:26.0811 3192 mrxsmb20 - ok 11:20:26.0842 3192 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 11:20:26.0843 3192 msahci - ok 11:20:26.0940 3192 MSCamSvc (ab94aa7a8c00ad8d9ed6c9b8261b0c1e) C:\Program Files\Microsoft LifeCam\MSCamS64.exe 11:20:26.0950 3192 MSCamSvc - ok 11:20:26.0995 3192 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 11:20:27.0009 3192 msdsm - ok 11:20:27.0057 3192 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 11:20:27.0070 3192 MSDTC - ok 11:20:27.0100 3192 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 11:20:27.0102 3192 Msfs - ok 11:20:27.0113 3192 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 11:20:27.0114 3192 mshidkmdf - ok 11:20:27.0140 3192 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 11:20:27.0142 3192 msisadrv - ok 11:20:27.0181 3192 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 11:20:27.0194 3192 MSiSCSI - ok 11:20:27.0199 3192 msiserver - ok 11:20:27.0326 3192 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 11:20:27.0329 3192 MSK80Service - ok 11:20:27.0376 3192 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 11:20:27.0378 
3192 MSKSSRV - ok 11:20:27.0394 3192 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 11:20:27.0395 3192 MSPCLOCK - ok 11:20:27.0414 3192 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 11:20:27.0415 3192 MSPQM - ok 11:20:27.0471 3192 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 11:20:27.0483 3192 MsRPC - ok 11:20:27.0524 3192 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 11:20:27.0526 3192 mssmbios - ok 11:20:27.0659 3192 MSSQL$SQLEXPRESS - ok 11:20:27.0716 3192 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 11:20:27.0717 3192 MSSQLServerADHelper - ok 11:20:27.0743 3192 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 11:20:27.0744 3192 MSTEE - ok 11:20:27.0757 3192 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 11:20:27.0758 3192 MTConfig - ok 11:20:27.0787 3192 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 11:20:27.0788 3192 Mup - ok 11:20:27.0844 3192 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 11:20:27.0852 3192 napagent - ok 11:20:27.0896 3192 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:20:27.0911 3192 NativeWifiP - ok 11:20:28.0029 3192 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 11:20:28.0038 3192 NDIS - ok 11:20:28.0050 3192 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 11:20:28.0051 3192 NdisCap - ok 11:20:28.0079 3192 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:20:28.0080 3192 NdisTapi - ok 11:20:28.0123 3192 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:20:28.0125 3192 Ndisuio - ok 11:20:28.0176 3192 NdisWan 
(53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:20:28.0188 3192 NdisWan - ok 11:20:28.0230 3192 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:20:28.0233 3192 NDProxy - ok 11:20:28.0253 3192 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:20:28.0254 3192 NetBIOS - ok 11:20:28.0307 3192 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:20:28.0314 3192 NetBT - ok 11:20:28.0356 3192 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:20:28.0358 3192 Netlogon - ok 11:20:28.0402 3192 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 11:20:28.0407 3192 Netman - ok 11:20:28.0536 3192 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:20:28.0550 3192 NetMsmqActivator - ok 11:20:28.0556 3192 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:20:28.0558 3192 NetPipeActivator - ok 11:20:28.0612 3192 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 11:20:28.0628 3192 netprofm - ok 11:20:28.0633 3192 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:20:28.0635 3192 NetTcpActivator - ok 11:20:28.0639 3192 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 11:20:28.0641 3192 NetTcpPortSharing - ok 11:20:28.0709 3192 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 11:20:28.0711 3192 nfrd960 - ok 11:20:28.0775 3192 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 11:20:28.0790 3192 NlaSvc - ok 11:20:28.0802 3192 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:20:28.0804 3192 Npfs - ok 11:20:28.0831 3192 nsi 
(d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:20:28.0834 3192 nsi - ok 11:20:28.0850 3192 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:20:28.0851 3192 nsiproxy - ok 11:20:28.0996 3192 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:20:29.0004 3192 Ntfs - ok 11:20:29.0114 3192 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:20:29.0115 3192 Null - ok 11:20:29.0178 3192 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:20:29.0191 3192 nvraid - ok 11:20:29.0266 3192 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:20:29.0269 3192 nvstor - ok 11:20:29.0315 3192 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:20:29.0329 3192 nv_agp - ok 11:20:29.0458 3192 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:20:29.0480 3192 odserv - ok 11:20:29.0512 3192 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:20:29.0518 3192 ohci1394 - ok 11:20:29.0601 3192 OpenVPNService (c929013e74a4335b9814e428088a508b) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe 11:20:29.0603 3192 OpenVPNService - ok 11:20:29.0645 3192 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:20:29.0659 3192 ose - ok 11:20:29.0716 3192 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:20:29.0723 3192 p2pimsvc - ok 11:20:29.0766 3192 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:20:29.0784 3192 p2psvc - ok 11:20:29.0815 3192 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:20:29.0820 3192 Parport - ok 11:20:29.0854 3192 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 11:20:29.0861 
      11:20:44.0557 3192 ============================================================
      11:20:44.0557 3192 Scan finished
      11:20:44.0557 3192 ============================================================
      11:20:44.0570 6292 Detected object count: 0
      11:20:44.0570 6292 Actual detected object count: 0
      11:21:04.0763 5004 Deinitialize success
  11. ComboFix 12-08-10.02 - Seb 14/08/2012 11:09:04.4.4 - x64
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4021.2387 [GMT 8:00]
      Running from: c:\users\Seb\Desktop\ComboFix.exe
      AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
      FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
      SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
      SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe
      c:\windows\SysWow64\DEBUG.log
      .
      .
      ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))
      .
      .
      2012-08-14 03:17 . 2012-08-14 03:17 -------- d-----w- c:\users\Default\AppData\Local\temp
      2012-08-10 20:08 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{991F70E0-FF6B-4E7A-B289-1B8CCCB0DB07}\mpengine.dll
      2012-08-10 03:51 . 2012-08-14 03:16 -------- d-----w- c:\users\Seb\AppData\Local\fxjagetq
      2012-08-10 03:51 . 2012-08-10 03:51 94120 --s---w- c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nebmqedh.exe
      2012-07-26 04:41 . 2012-07-26 04:41 -------- dc----w- c:\program files (x86)\BBC iPlayer Desktop
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2012-08-04 00:31 . 2012-05-18 07:22 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
      2012-08-04 00:31 . 2011-05-21 00:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-07-11 19:02 . 2010-03-22 11:26 59701280 ----a-w- c:\windows\system32\MRT.exe
      2012-07-03 05:46 . 2012-06-19 11:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
      2012-06-27 02:42 . 2012-06-27 02:43 4446520 ----a-w- c:\windows\uninst.exe
      2012-06-22 06:49 . 2012-06-22 06:49 74703 ----a-w- c:\windows\SysWow64\mfc45.dll
      2012-06-20 04:14 . 2010-04-14 05:22 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
      2012-06-20 03:48 . 2010-05-19 16:48 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
      2012-06-19 05:20 . 2010-05-02 22:04 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
      2012-06-19 04:39 . 2010-05-20 22:07 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
      2012-06-12 03:08 . 2012-07-11 19:07 3148800 ----a-w- c:\windows\system32\win32k.sys
      2012-06-09 05:43 . 2012-07-11 04:52 14172672 ----a-w- c:\windows\system32\shell32.dll
      2012-06-06 06:06 . 2012-07-11 04:53 2004480 ----a-w- c:\windows\system32\msxml6.dll
      2012-06-06 06:06 . 2012-07-11 04:52 1881600 ----a-w- c:\windows\system32\msxml3.dll
      2012-06-06 06:02 . 2012-07-11 04:47 1133568 ----a-w- c:\windows\system32\cdosys.dll
      2012-06-06 05:05 . 2012-07-11 04:53 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
      2012-06-06 05:05 . 2012-07-11 04:52 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
      2012-06-06 05:03 . 2012-07-11 04:50 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
      2012-06-05 03:32 . 2010-04-14 05:13 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
      2012-06-02 22:19 . 2012-06-22 02:35 38424 ----a-w- c:\windows\system32\wups.dll
      2012-06-02 22:19 . 2012-06-22 02:35 2428952 ----a-w- c:\windows\system32\wuaueng.dll
      2012-06-02 22:19 . 2012-06-22 02:35 57880 ----a-w- c:\windows\system32\wuauclt.exe
      2012-06-02 22:19 . 2012-06-22 02:35 44056 ----a-w- c:\windows\system32\wups2.dll
      2012-06-02 22:19 . 2012-06-22 02:35 701976 ----a-w- c:\windows\system32\wuapi.dll
      2012-06-02 22:15 . 2012-06-22 02:35 2622464 ----a-w- c:\windows\system32\wucltux.dll
      2012-06-02 22:15 . 2012-06-22 02:35 99840 ----a-w- c:\windows\system32\wudriver.dll
      2012-06-02 12:49 . 2012-07-11 19:01 17807360 ----a-w- c:\windows\system32\mshtml.dll
      2012-06-02 12:17 . 2012-07-11 19:01 10924032 ----a-w- c:\windows\system32\ieframe.dll
      2012-06-02 12:12 . 2012-07-11 19:01 2311680 ----a-w- c:\windows\system32\jscript9.dll
      2012-06-02 12:05 . 2012-07-11 19:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
      2012-06-02 12:05 . 2012-07-11 19:01 1392128 ----a-w- c:\windows\system32\wininet.dll
      2012-06-02 12:04 . 2012-07-11 19:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
      2012-06-02 12:04 . 2012-07-11 19:01 237056 ----a-w- c:\windows\system32\url.dll
      2012-06-02 12:03 . 2012-07-11 19:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
      2012-06-02 12:01 . 2012-07-11 19:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
      2012-06-02 12:00 . 2012-07-11 19:01 818688 ----a-w- c:\windows\system32\jscript.dll
      2012-06-02 11:59 . 2012-07-11 19:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
      2012-06-02 11:57 . 2012-07-11 19:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
      2012-06-02 11:57 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
      2012-06-02 11:54 . 2012-07-11 19:01 248320 ----a-w- c:\windows\system32\ieui.dll
      2012-06-02 08:33 . 2012-07-11 19:01 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
      2012-06-02 08:25 . 2012-07-11 19:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
      2012-06-02 08:25 . 2012-07-11 19:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
      2012-06-02 08:20 . 2012-07-11 19:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
      2012-06-02 08:16 . 2012-07-11 19:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
      2012-06-02 07:19 . 2012-06-22 02:34 186752 ----a-w- c:\windows\system32\wuwebv.dll
      2012-06-02 07:15 . 2012-06-22 02:34 36864 ----a-w- c:\windows\system32\wuapp.exe
      2012-06-02 05:50 . 2012-07-11 04:52 458704 ----a-w- c:\windows\system32\drivers\cng.sys
      2012-06-02 05:48 . 2012-07-11 04:52 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
      2012-06-02 05:48 . 2012-07-11 04:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
      2012-06-02 05:45 . 2012-07-11 04:52 340992 ----a-w- c:\windows\system32\schannel.dll
      2012-06-02 05:44 . 2012-07-11 04:52 307200 ----a-w- c:\windows\system32\ncrypt.dll
      2012-06-02 04:40 . 2012-07-11 04:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
      2012-06-02 04:40 . 2012-07-11 04:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll
      2012-06-02 04:39 . 2012-07-11 04:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
      2012-06-02 04:34 . 2012-07-11 04:50 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
      2012-05-31 04:25 . 2011-05-15 02:15 279656 ------w- c:\windows\system32\MpSigStub.exe
      2012-05-29 18:04 . 2010-05-01 21:43 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
      .
      .
      ((((((((((((((((((((((((((((( SnapShot@2012-08-14_01.21.53 )))))))))))))))))))))))))))))))))))))))))
      .
      + 2010-03-03 03:13 . 2012-08-14 03:04 84498 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2009-07-14 05:10 . 2012-08-14 03:04 34030 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
      + 2010-03-11 06:50 . 2012-08-14 03:04 20380 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1064479489-466832259-691007306-1000_UserData.bin
      + 2010-03-10 18:05 . 2012-08-14 03:07 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2010-03-10 18:05 . 2012-08-14 03:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2010-03-10 18:05 . 2012-08-13 15:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2009-07-14 04:54 . 2012-08-13 15:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2009-07-14 04:54 . 2012-08-14 03:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      - 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      + 2012-08-14 03:01 . 2012-08-14 03:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      + 2012-08-14 03:01 . 2012-08-14 03:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      - 2012-08-14 01:07 . 2012-08-14 01:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      - 2009-07-14 05:01 . 2012-08-14 01:04 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
      + 2009-07-14 05:01 . 2012-08-14 02:43 311200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
      + 2011-07-07 00:14 . 2012-08-14 02:43 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat
      - 2011-07-07 00:14 . 2012-08-14 01:04 8166628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1064479489-466832259-691007306-1000-12288.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
      "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
      "{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
      .
      [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
      .
      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      .
      [HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
      2011-01-17 08:54 175912 -c--a-w- c:\program files (x86)\ConduitEngine\prxConduitEngine.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
      2011-05-09 09:49 176936 -c--a-w- c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      2011-01-17 08:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
      .
      [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
      2010-09-28 14:44 1400712 -c--a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
      "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
      "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
      "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
      "{656461ef-40f6-4115-9ff1-bced9812ccbb}"= "c:\program files (x86)\BitTorrentBar2\prxtbBitT.dll" [2011-05-09 176936]
      .
      [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
      [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
      [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
      .
      [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
      .
      [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
      .
      [HKEY_CLASSES_ROOT\clsid\{656461ef-40f6-4115-9ff1-bced9812ccbb}]
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-15 6276408]
      "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
      "Facebook Update"="c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
      "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-05-12 6380400]
      "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-03 17417392]
      "NebMqedh"="c:\users\Seb\AppData\Local\fxjagetq\nebmqedh.exe" [bU]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
      "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
      "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
      "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
      "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]
      "openvpn-gui"="c:\program files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe" [2010-07-01 300032]
      "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]
      "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
      "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
      "ExpressFiles"="c:\program files (x86)\ExpressFiles\ExpressFiles.exe" [2012-06-22 476824]
      "iTunesHelper"="c:\program files
(x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776] "FAStartup"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-08 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184] . c:\users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192] Facebook Messenger.lnk - c:\users\Seb\AppData\Local\Facebook\Messenger\2.1.4590.0\FacebookMessenger.exe [2012-7-26 244656] nebmqedh.exe [2012-8-10 94120] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-18 1080096] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess] 2011-04-23 14:17 147640 -c--a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-02-22 100912] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-02-22 289664] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 75936] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-18 202752] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-03-20 162192] S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416] S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-01 80896] S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-04 55808] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S3 cfwids;McAfee Inc. 
cfwids;c:\windows\system32\drivers\cfwids.sys [2012-02-22 65264] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040] S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-23 317480] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-02-22 487296] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-18 00:31] . 2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job - c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52] . 2012-08-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job - c:\users\Seb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-16 01:52] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 02:45] . 2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000Core.job - c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1064479489-466832259-691007306-1000UA.job - c:\users\Seb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:17] . 
2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . 2012-08-14 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "VX3000"="c:\windows\vVX3000.exe" [2010-03-12 762736] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.bbc.co.uk/ mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: internet Trusted Zone: mcafee.com TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 DPF: {20BBA18F-5BC8-47B5-8FC9-5DFCA8E56A4B} - hxxp://mpi.dacom.net/XMPI/js/LGUplus_XMPI_20110503.cab DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} - hxxp://mpi.dacom.net/XPayMPI/XPayMPI.cab DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA64.cab . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) WebBrowser-{656461EF-40F6-4115-9FF1-BCED9812CCBB} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1064479489-466832259-691007306-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-14 11:19:50 ComboFix-quarantined-files.txt 2012-08-14 03:19 ComboFix2.txt 2012-08-14 02:57 ComboFix3.txt 2012-08-14 02:21 ComboFix4.txt 2012-08-14 01:24 . Pre-Run: 16,768,778,240 bytes free Post-Run: 16,610,557,952 bytes free . - - End Of File - - 8E5B3792776335B836C1D041F2B52E4F
  12. Thank you very much for this. I have McAfee on my computer but it appears that the virus is stopping me from accessing it to close it down. Whenever I try to run ComboFix, it ceases after a matter of seconds. Do you have any advice? Thanks.
  13. Hi, I have something called hijack.userinit which is being picked up by my Malwarebytes software. Each time I run the scan this is deleted but it then appears again. I can only run the scan via the task manager and also don't seem to be able to access any anti-virus type websites - including this one. I am writing this via my iPad and keeping my laptop offline for the time being. Many thanks in advance for your assistance.
  14. Hi, Malwarebytes software has picked up something called hijack.userinit and deletes it. However when I start my computer again it is still there. I have to use the task manager to run Malwarebytes software each time and don't seem able to download anything from the Internet. Does anyone know how I can remove this fully from my laptop? Many thanks in advance for any assistance.