Level Quality Watcher Infection [Solved]

Level Quality Watcher

  • This topic is locked
33 replies to this topic

#1 vdicaprio

Posted 21 December 2013 - 10:50 AM

What the Tech:

 

I have a laptop running XP Pro and have been infected with the Level Quality Watcher virus. It shows up in the list of programs when I run "add or remove programs" from the control panel but it does not have a "remove" or "uninstall" button associated with it.

 

Also, in trying to find something to remove it, I ran a "free" cleaner (SpyHunter4 I think) but I did let it fix anything because they wanted money after the scan. It found 15 infections (multiple instances) of the following threats (or at least they claim they are threats):

  1. PUP.Level Quality Watcher
  2. findWide.com
  3. Atlas DMT
  4. Doubleclick
  5. Question Market

Any help in removing Level Quality Watcher and identifying and removing other viruses would be much appreciated.

 

Thanks in advance for your assistance.

 

Vdicaprio

 

 




#2 jeffce

Posted 22 December 2013 - 01:59 PM

Hi and Welcome!!   

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.


Having said that.... Let's get going!!
----------
 
Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt

Attach.txt
----------
 
Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------
 
AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------


 
 

#3 vdicaprio

Posted 23 December 2013 - 08:10 AM

Jeff

 

Thanks for taking the time to help.  One thing I forgot to mention is that upon boot up the new hardware wizard runs asking to find new hardware.  I just cancel it and the machine boots up.  It also takes a long time to boot.

 

All of the logs you requested are below:

 

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Jeff at 8:52:48 on 2013-12-23
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2348 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DKabcoms.exe
C:\Program Files\DOS2USB\elSVC.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn8\yt.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - 
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - 
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} - hxxp://www.ipinviewer.com/binInstall/IVSLite.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1296769982640
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP9-15980/event/ieatgpc.cab
TCP: NameServer = 192.168.254.254
TCP: Interfaces\{1335B6E7-E3A1-4A35-B017-7332703EB27C} : DHCPNameServer = 192.168.254.254
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - 
Notify: igfxcui - igfxdev.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 214696]
R2 dkab_device;dkab_device;c:\windows\system32\dkabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R2 elAPIsvc;elAPI - Service Server;c:\program files\dos2usb\elsvc.exe [2010-10-14 45056]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-9-4 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-9-4 43480]
.
=============== File Associations ===============
.
FileExt: .scr: DWGTrueViewScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-12-23 13:40:14 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ee667856-8577-4678-ae0a-5bbbfe2190a0}\mpengine.dll
2013-12-21 16:55:10 -------- d-----w- c:\documents and settings\jeff\local settings\application data\PDF Writer
2013-12-21 15:29:58 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-12-20 22:59:56 -------- d-----w- c:\program files\Enigma Software Group
2013-12-20 22:59:19 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-20 22:59:15 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2013-12-20 16:44:18 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-12 13:50:35 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2013-11-26 20:51:33 -------- d-----w- C:\temp
.
==================== Find3M  ====================
.
2013-12-20 22:38:51 60 ----a-w- c:\windows\wpd99.drv
2013-12-11 16:22:34 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 16:22:34 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-08 12:45:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-08 12:35:40 147456 ----a-w- c:\windows\system32\bzpdfc.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 14:53:06 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH:  8:53:25.53 ===============
 
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/9/2008 8:11:03 PM
System Uptime: 12/23/2013 8:27:14 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 0M277C
Processor: Intel® Core™2 Duo CPU     T5870  @ 2.00GHz | U2E1 | 1995/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 139 GiB total, 111.148 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP469: 11/6/2013 9:20:38 AM - System Checkpoint
RP470: 11/6/2013 9:20:49 AM - OTL Restore Point - 11/6/2013 9:20:45 AM
RP471: 11/6/2013 10:14:21 AM - Installed WOT for Internet Explorer
RP472: 11/6/2013 10:30:55 AM - Removed WOT for Internet Explorer
RP473: 11/7/2013 7:31:45 AM - Software Distribution Service 3.0
RP474: 11/8/2013 7:39:38 AM - Removed HiJackThis
RP475: 11/8/2013 7:46:08 AM - Software Distribution Service 3.0
RP476: 11/8/2013 11:36:49 AM - Software Distribution Service 3.0
RP477: 11/11/2013 8:09:07 AM - Software Distribution Service 3.0
RP478: 11/12/2013 8:10:35 AM - System Checkpoint
RP479: 11/13/2013 8:21:04 AM - Software Distribution Service 3.0
RP480: 11/14/2013 8:39:20 AM - System Checkpoint
RP481: 11/14/2013 12:00:14 PM - Software Distribution Service 3.0
RP482: 11/14/2013 12:31:43 PM - Software Distribution Service 3.0
RP483: 11/15/2013 11:47:54 AM - Software Distribution Service 3.0
RP484: 11/18/2013 8:06:25 AM - Software Distribution Service 3.0
RP485: 11/19/2013 12:00:14 PM - Software Distribution Service 3.0
RP486: 11/19/2013 12:11:32 PM - Software Distribution Service 3.0
RP487: 11/20/2013 1:12:31 PM - System Checkpoint
RP488: 11/21/2013 7:42:31 AM - Software Distribution Service 3.0
RP489: 11/22/2013 8:07:49 AM - Software Distribution Service 3.0
RP490: 11/22/2013 12:08:48 PM - Software Distribution Service 3.0
RP491: 11/25/2013 8:09:04 AM - Software Distribution Service 3.0
RP492: 11/26/2013 11:09:55 AM - System Checkpoint
RP493: 11/27/2013 8:07:42 AM - Software Distribution Service 3.0
RP494: 12/2/2013 8:09:50 AM - Software Distribution Service 3.0
RP495: 12/3/2013 12:02:29 PM - System Checkpoint
RP496: 12/4/2013 8:09:28 AM - Software Distribution Service 3.0
RP497: 12/5/2013 8:42:30 AM - Software Distribution Service 3.0
RP498: 12/6/2013 10:22:25 AM - System Checkpoint
RP499: 12/6/2013 12:01:38 PM - Software Distribution Service 3.0
RP500: 12/9/2013 9:28:53 AM - Software Distribution Service 3.0
RP501: 12/10/2013 12:03:44 PM - System Checkpoint
RP502: 12/11/2013 9:00:55 AM - Software Distribution Service 3.0
RP503: 12/12/2013 11:58:40 AM - Software Distribution Service 3.0
RP504: 12/12/2013 5:07:18 PM - Software Distribution Service 3.0
RP505: 12/13/2013 12:00:14 PM - Software Distribution Service 3.0
RP506: 12/13/2013 12:08:58 PM - Software Distribution Service 3.0
RP507: 12/16/2013 8:11:27 AM - Software Distribution Service 3.0
RP508: 12/17/2013 11:37:00 AM - System Checkpoint
RP509: 12/18/2013 8:07:54 AM - Software Distribution Service 3.0
RP510: 12/19/2013 11:44:47 AM - System Checkpoint
RP511: 12/20/2013 8:08:31 AM - Software Distribution Service 3.0
RP512: 12/20/2013 11:44:17 AM - Software Distribution Service 3.0
RP513: 12/20/2013 5:41:43 PM - Removed QuickSet
RP514: 12/20/2013 5:47:48 PM - Removed ScorpionSaver
RP515: 12/20/2013 5:59:56 PM - Installed SpyHunter
RP516: 12/20/2013 6:15:40 PM - Removed SpyHunter
RP517: 12/23/2013 8:40:12 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Software Update
AudibleManager
Autodesk Design Review 2010
Autodesk Revit Building 8.1
BLCC5
Browser Address Error Redirector
Bullzip PDF Printer 10.1.0.1871
Carbonite
Chimney Sizer 4.1
Cisco WebEx Meetings
Compatibility Pack for the 2007 Office system
Dell Automated PC TuneUp
Dell DataSafe Online
Dell Laser MFP 1600n Software Uninstall
Dell Network Assistant
Dell Printer Software Uninstall
Dell Support Center
Dell System Restore
Dell Touchpad
Dell Wireless WLAN Card Utility
DWG TrueView 2010
Exhaust Sizing Program
FastBidX Plugin (remove only)
Google Chrome
Google Earth
Google Update Helper
GoToMeeting 4.8.0.723
Graph 4.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hurst CAD Library 3.1
Intel® Graphics Media Accelerator Driver
IPIN Viewing System Professional
Kyocera Product Library
Kyocera TWAIN Driver
Malwarebytes Anti-Malware version 1.75.0.1300
Metal-Fab Pipe Sizing Program
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Security Client
Microsoft Security Essentials
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
PowerDVD
QuickTime
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SecureQuote
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB2803821)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpywareBlaster 4.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Presentation Foundation
WOT for Internet Explorer
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/19/2013 7:59:28 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the CarboniteService service to connect.
12/19/2013 7:59:28 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
12/19/2013 7:58:56 AM, error: Service Control Manager [7000]  - The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:  The system cannot find the file specified.
12/19/2013 7:58:56 AM, error: Service Control Manager [7000]  - The CarboniteService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/18/2013 1:41:00 PM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942403
.
==== End Of File ===========================
 
TDSSKILLER
08:56:58.0046 0x0594  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
08:57:03.0390 0x0594  ============================================================
08:57:03.0390 0x0594  Current date / time: 2013/12/23 08:57:03.0390
08:57:03.0390 0x0594  SystemInfo:
08:57:03.0390 0x0594  
08:57:03.0390 0x0594  OS Version: 5.1.2600 ServicePack: 3.0
08:57:03.0390 0x0594  Product type: Workstation
08:57:03.0390 0x0594  ComputerName: JEFF
08:57:03.0390 0x0594  UserName: Jeff
08:57:03.0390 0x0594  Windows directory: C:\WINDOWS
08:57:03.0390 0x0594  System windows directory: C:\WINDOWS
08:57:03.0390 0x0594  Processor architecture: Intel x86
08:57:03.0390 0x0594  Number of processors: 2
08:57:03.0390 0x0594  Page size: 0x1000
08:57:03.0390 0x0594  Boot type: Normal boot
08:57:03.0390 0x0594  ============================================================
08:57:04.0046 0x0594  KLMD registered as C:\WINDOWS\system32\drivers\57578267.sys
08:57:04.0203 0x0594  System UUID: {B2B4B3D0-A4F7-4734-8B41-7FB195915E77}
08:57:04.0859 0x0594  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:57:04.0859 0x0594  ============================================================
08:57:04.0859 0x0594  \Device\Harddisk0\DR0:
08:57:04.0859 0x0594  MBR partitions:
08:57:04.0859 0x0594  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1167DCE8
08:57:04.0859 0x0594  ============================================================
08:57:04.0890 0x0594  C: <-> \Device\Harddisk0\DR0\Partition1
08:57:04.0890 0x0594  ============================================================
08:57:04.0890 0x0594  Initialize success
08:57:04.0890 0x0594  ============================================================
08:57:09.0250 0x00b8  ============================================================
08:57:09.0250 0x00b8  Scan started
08:57:09.0250 0x00b8  Mode: Manual; 
08:57:09.0250 0x00b8  ============================================================
08:57:09.0250 0x00b8  KSN ping started
08:57:11.0765 0x00b8  KSN ping finished: true
08:57:12.0828 0x00b8  ================ Scan system memory ========================
08:57:12.0828 0x00b8  System memory - ok
08:57:12.0828 0x00b8  ================ Scan services =============================
08:57:18.0531 0x00b8  Kbdclass - ok
08:57:18.0546 0x00b8  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:57:18.0546 0x00b8  kbdhid - ok
08:57:18.0562 0x00b8  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
08:57:18.0562 0x00b8  kmixer - ok
08:57:18.0593 0x00b8  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
08:57:18.0593 0x00b8  KSecDD - ok
08:57:18.0625 0x00b8  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] LanmanServer    C:\WINDOWS\System32\srvsvc.dll
08:57:18.0625 0x00b8  LanmanServer - ok
08:57:18.0656 0x00b8  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
08:57:18.0671 0x00b8  lanmanworkstation - ok
08:57:18.0671 0x00b8  lbrtfdc - ok
08:57:18.0703 0x00b8  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
08:57:18.0703 0x00b8  LmHosts - ok
08:57:18.0734 0x00b8  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
08:57:18.0734 0x00b8  Messenger - ok
08:57:18.0765 0x00b8  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
08:57:18.0765 0x00b8  mnmdd - ok
08:57:18.0781 0x00b8  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
08:57:18.0781 0x00b8  mnmsrvc - ok
08:57:18.0781 0x00b8  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
08:57:18.0781 0x00b8  Modem - ok
08:57:18.0796 0x00b8  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:57:18.0796 0x00b8  Mouclass - ok
08:57:18.0796 0x00b8  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:57:18.0796 0x00b8  mouhid - ok
08:57:18.0812 0x00b8  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
08:57:18.0812 0x00b8  MountMgr - ok
08:57:18.0875 0x00b8  [ E77DC03DD3C8E5A388BF9EED2A28F3D1, ED0DAA975D1EC35CE036F02596218E15CC6A054167628D12A0A5AD91B841F422 ] MpFilter        C:\WINDOWS\system32\DRIVERS\MpFilter.sys
08:57:18.0890 0x00b8  MpFilter - ok
08:57:18.0906 0x00b8  [ 3F4BB95E5A44F3BE34824E8E7CAF0737, 9A4F9E63AA55B779AF3563C66C8E40D9C42FF3BB5F533F70905ADC7A44EA7DAD ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
08:57:18.0906 0x00b8  mraid35x - ok
08:57:18.0921 0x00b8  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:57:18.0937 0x00b8  MRxDAV - ok
08:57:18.0984 0x00b8  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:57:19.0000 0x00b8  MRxSmb - ok
08:57:19.0015 0x00b8  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
08:57:19.0015 0x00b8  MSDTC - ok
08:57:19.0031 0x00b8  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
08:57:19.0031 0x00b8  Msfs - ok
08:57:19.0031 0x00b8  MSIServer - ok
08:57:19.0062 0x00b8  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:57:19.0062 0x00b8  MSKSSRV - ok
08:57:19.0156 0x00b8  [ B0F49DA36F30922F5DDC3B623B778FCE, EE025AEFA4A2095AFEABFB3A49639DA77D78068A3F5EEDA6C15D34853AFD5609 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
08:57:19.0203 0x00b8  MsMpSvc - ok
08:57:19.0218 0x00b8  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:57:19.0218 0x00b8  MSPCLOCK - ok
08:57:19.0218 0x00b8  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
08:57:19.0218 0x00b8  MSPQM - ok
08:57:19.0234 0x00b8  [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:57:19.0234 0x00b8  mssmbios - ok
08:57:19.0281 0x00b8  [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
08:57:19.0281 0x00b8  Mup - ok
08:57:19.0328 0x00b8  [ 0102140028FAD045756796E1C685D695, 5335B8278418CA200E2772124F0602C3E15A5CAF2D5CC59F6785DFAABF339B09 ] napagent        C:\WINDOWS\System32\qagentrt.dll
08:57:19.0328 0x00b8  napagent - ok
08:57:19.0375 0x00b8  [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
08:57:19.0375 0x00b8  NDIS - ok
08:57:19.0421 0x00b8  [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:57:19.0421 0x00b8  NdisTapi - ok
08:57:19.0437 0x00b8  [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:57:19.0437 0x00b8  Ndisuio - ok
08:57:19.0437 0x00b8  [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:57:19.0453 0x00b8  NdisWan - ok
08:57:19.0468 0x00b8  [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
08:57:19.0468 0x00b8  NDProxy - ok
08:57:19.0484 0x00b8  [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
08:57:19.0484 0x00b8  NetBIOS - ok
08:57:19.0500 0x00b8  [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
08:57:19.0500 0x00b8  NetBT - ok
08:57:19.0546 0x00b8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDE          C:\WINDOWS\system32\netdde.exe
08:57:19.0562 0x00b8  NetDDE - ok
08:57:19.0578 0x00b8  [ B857BA82860D7FF85AE29B095645563B, 86FF0E4CDD9C394E8BABD93A4D57E73FF9A779261717DEC6E9CDE99F1C6B0F4C ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
08:57:19.0578 0x00b8  NetDDEdsdm - ok
08:57:19.0593 0x00b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] Netlogon        C:\WINDOWS\system32\lsass.exe
08:57:19.0609 0x00b8  Netlogon - ok
08:57:19.0625 0x00b8  [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE, 4E0A67B3CC897E80D4B342FFE8B7B4CC4F6CA2EF2D34C136027A098B2E1C6166 ] Netman          C:\WINDOWS\System32\netman.dll
08:57:19.0625 0x00b8  Netman - ok
08:57:19.0656 0x00b8  [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
08:57:19.0671 0x00b8  NetTcpPortSharing - ok
08:57:19.0703 0x00b8  [ E9E47CFB2D461FA0FC75B7A74C6383EA, 544136F5BFD4DC23D45E90F12FA48B82FD9EAEA9EAF3E0F5F0BD27E23D672C3E ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:57:19.0703 0x00b8  NIC1394 - ok
08:57:19.0734 0x00b8  [ 943337D786A56729263071623BBB9DE5, B631B47C869FE4ACF46E4AA272435D9A9CA536E3349E3FFBB8602636FEE7AFD4 ] Nla             C:\WINDOWS\System32\mswsock.dll
08:57:19.0750 0x00b8  Nla - ok
08:57:19.0765 0x00b8  [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
08:57:19.0765 0x00b8  Npfs - ok
08:57:19.0812 0x00b8  [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
08:57:19.0843 0x00b8  Ntfs - ok
08:57:19.0859 0x00b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
08:57:19.0859 0x00b8  NtLmSsp - ok
08:57:19.0937 0x00b8  [ 156F64A3345BD23C600655FB4D10BC08, 9611BE411586E068D9297D77102DB3BE48AA67F1BAD6F61A84F83FC3043FA9CD ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
08:57:19.0968 0x00b8  NtmsSvc - ok
08:57:20.0000 0x00b8  [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null            C:\WINDOWS\system32\drivers\Null.sys
08:57:20.0000 0x00b8  Null - ok
08:57:20.0015 0x00b8  [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt        C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:57:20.0015 0x00b8  NwlnkFlt - ok
08:57:20.0015 0x00b8  [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd        C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:57:20.0015 0x00b8  NwlnkFwd - ok
08:57:20.0046 0x00b8  [ D51942F12090FC947CA8AA01736DADE2, 78B86F1F3078B78C04852954E8456A748925E3681484C3A1CC513978DBF17050 ] O2MDRDR         C:\WINDOWS\system32\DRIVERS\o2media.sys
08:57:20.0046 0x00b8  O2MDRDR - ok
08:57:20.0062 0x00b8  [ 602266E7D014D66ED1FC3F062CBCBCB6, 83A6A28D0E8054768F22A8535DF2597F06E7BB3A7FE30BD8523B689F60E12378 ] O2SDRDR         C:\WINDOWS\system32\DRIVERS\o2sd.sys
08:57:20.0062 0x00b8  O2SDRDR - ok
08:57:20.0093 0x00b8  [ CA33832DF41AFB202EE7AEB05145922F, 9DD0089C2E13C7F81214C3B5A4A61276292052F9BBFEA7FCD0F6AA27815D5F95 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:57:20.0109 0x00b8  ohci1394 - ok
08:57:20.0140 0x00b8  [ 8F856DAE19383BD69DB444004D5D4F50, 28F8367E1A54F4FB0BC17F7D9F27A5924573593A206DCC331B592A9E51269F18 ] Packet          C:\WINDOWS\system32\DRIVERS\packet.sys
08:57:20.0140 0x00b8  Packet - ok
08:57:20.0140 0x00b8  [ 5575FAF8F97CE5E713D108C2A58D7C7C, 96D4595D19A78CCBE8B325A08780AC077AE5CC99642ACD72FB47AEAE8D344D3B ] Parport         C:\WINDOWS\system32\drivers\Parport.sys
08:57:20.0140 0x00b8  Parport - ok
08:57:20.0171 0x00b8  [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
08:57:20.0171 0x00b8  PartMgr - ok
08:57:20.0171 0x00b8  [ 70E98B3FD8E963A6A46A2E6247E0BEA1, 6771313EC41B3B5BFD398F60706E40BE71617046880CC352DD110B001AFC22A1 ] ParVdm          C:\WINDOWS\system32\drivers\ParVdm.sys
08:57:20.0171 0x00b8  ParVdm - ok
08:57:20.0187 0x00b8  [ A219903CCF74233761D92BEF471A07B1, D4E6C360A1D2FCA4D17C991B834D68BF20F5111DD06B1FAB8B22984804CEC269 ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
08:57:20.0187 0x00b8  PCI - ok
08:57:20.0203 0x00b8  PCIDump - ok
08:57:20.0218 0x00b8  [ CCF5F451BB1A5A2A522A76E670000FF0, D63F7E5A39653EC9CCE94B7D84B2D3EBD4F54533BD65701020198724042C9257 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
08:57:20.0218 0x00b8  PCIIde - ok
08:57:20.0218 0x00b8  [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1, 0BA3DB21DC7C641C181E2635B5C9B73965FDCDCD3EBBBE48FCFEC1C8C987F617 ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
08:57:20.0218 0x00b8  Pcmcia - ok
08:57:20.0234 0x00b8  PDCOMP - ok
08:57:20.0234 0x00b8  PDFRAME - ok
08:57:20.0250 0x00b8  PDRELI - ok
08:57:20.0250 0x00b8  PDRFRAME - ok
08:57:20.0281 0x00b8  [ 6C14B9C19BA84F73D3A86DBA11133101, 2CFB7E027E43C1B3890985DFD7987B23E4E3CC003E3FD2583E4A8AC1F8A13B26 ] perc2           C:\WINDOWS\system32\DRIVERS\perc2.sys
08:57:20.0281 0x00b8  perc2 - ok
08:57:20.0281 0x00b8  [ F50F7C27F131AFE7BEBA13E14A3B9416, C0498EA65B908C07A734324ED70DB27F434FAAA815DD02F1BC429A3AB6C663D5 ] perc2hib        C:\WINDOWS\system32\DRIVERS\perc2hib.sys
08:57:20.0281 0x00b8  perc2hib - ok
08:57:20.0312 0x00b8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] PlugPlay        C:\WINDOWS\system32\services.exe
08:57:20.0312 0x00b8  PlugPlay - ok
08:57:20.0328 0x00b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
08:57:20.0328 0x00b8  PolicyAgent - ok
08:57:20.0359 0x00b8  [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:57:20.0359 0x00b8  PptpMiniport - ok
08:57:20.0375 0x00b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
08:57:20.0375 0x00b8  ProtectedStorage - ok
08:57:20.0390 0x00b8  [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
08:57:20.0390 0x00b8  PSched - ok
08:57:20.0406 0x00b8  [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:57:20.0406 0x00b8  Ptilink - ok
08:57:20.0453 0x00b8  [ 413F2D5F9D802688242C23B38F767ECB, 6D5B6B8FC6E8E45555C444D3E881D3E44DE4C6F2602ADBB4D0E8E9F834089827 ] PTproct         C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys
08:57:20.0453 0x00b8  PTproct - ok
08:57:20.0484 0x00b8  [ 49452BFCEC22F36A7A9B9C2181BC3042, C01A2005E9897B142FF9BC6155770F70C19725C425E48D14239195E81E2E42D0 ] PxHelp20        C:\WINDOWS\system32\Drivers\PxHelp20.sys
08:57:20.0484 0x00b8  PxHelp20 - ok
08:57:20.0500 0x00b8  [ 0A63FB54039EB5662433CABA3B26DBA7, A1FB923EB2D08D89D24E8AD7042BBED7CB1DBDA9A5B77BDD188E9913BADAB0EF ] ql1080          C:\WINDOWS\system32\DRIVERS\ql1080.sys
08:57:20.0515 0x00b8  ql1080 - ok
08:57:20.0531 0x00b8  [ 6503449E1D43A0FF0201AD5CB1B8C706, F1EFC2DE5998615CB182D7984366631FE956AE1ECA9AC777F26FCA2E6F2E05A6 ] Ql10wnt         C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
08:57:20.0531 0x00b8  Ql10wnt - ok
08:57:20.0546 0x00b8  [ 156ED0EF20C15114CA097A34A30D8A01, 7490B90D4C88B7A9BADB9473D4033535F054C797ABF6D542CB859DA5C9B2586A ] ql12160         C:\WINDOWS\system32\DRIVERS\ql12160.sys
08:57:20.0546 0x00b8  ql12160 - ok
08:57:20.0546 0x00b8  [ 70F016BEBDE6D29E864C1230A07CC5E6, 895BC2C888F6566086FC1399F499A401D447E57333BC9F9C6DBAFE0F117603D6 ] ql1240          C:\WINDOWS\system32\DRIVERS\ql1240.sys
08:57:20.0562 0x00b8  ql1240 - ok
08:57:20.0578 0x00b8  [ 907F0AEEA6BC451011611E732BD31FCF, F9E7023BD1042963110D0A613054D094437868B20779F23C316A38E4781A6152 ] ql1280          C:\WINDOWS\system32\DRIVERS\ql1280.sys
08:57:20.0578 0x00b8  ql1280 - ok
08:57:20.0609 0x00b8  [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:57:20.0609 0x00b8  RasAcd - ok
08:57:20.0640 0x00b8  [ AD188BE7BDF94E8DF4CA0A55C00A5073, C7D76CB579FAEBCCC2873499441BACDD6BD6668ACF5ED7F31862656E96E2B20C ] RasAuto         C:\WINDOWS\System32\rasauto.dll
08:57:20.0640 0x00b8  RasAuto - ok
08:57:20.0671 0x00b8  [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:57:20.0671 0x00b8  Rasl2tp - ok
08:57:20.0687 0x00b8  [ 76A9A3CBEADD68CC57CDA5E1D7448235, 4AFD048C5D2306AB8DE46F3AA60AC0213333DDA3B09A9E91F7585DB6EB978EC8 ] RasMan          C:\WINDOWS\System32\rasmans.dll
08:57:20.0703 0x00b8  RasMan - ok
08:57:20.0703 0x00b8  [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:57:20.0718 0x00b8  RasPppoe - ok
08:57:20.0718 0x00b8  [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
08:57:20.0718 0x00b8  Raspti - ok
08:57:20.0765 0x00b8  [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:57:20.0765 0x00b8  Rdbss - ok
08:57:20.0765 0x00b8  [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:57:20.0765 0x00b8  RDPCDD - ok
08:57:20.0796 0x00b8  [ 15CABD0F7C00C47C70124907916AF3F1, 66B5C978B7FB6359AD8BAC9F568FE9D469E358FEAB07B1F129BA9E85F1DF723E ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:57:20.0796 0x00b8  rdpdr - ok
08:57:20.0828 0x00b8  [ 43AF5212BD8FB5BA6EED9754358BD8F7, AF330F61CECA4AFA359CEABC5EB3227E6B56A9A2DCE50701381D665122D7356D ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
08:57:20.0843 0x00b8  RDPWD - ok
08:57:20.0859 0x00b8  [ 3C37BF86641BDA977C3BF8A840F3B7FA, AB9A6E54DBA3F4561CD4837372BECCE0D73943D02E3288F944333039375AC08C ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
08:57:20.0859 0x00b8  RDSessMgr - ok
08:57:20.0890 0x00b8  [ F828DD7E1419B6653894A8F97A0094C5, E6150E1F598BA4CFEDB8FF075BC0D576518C331B864388F1CAE8812EFF106ECF ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
08:57:20.0890 0x00b8  redbook - ok
08:57:20.0937 0x00b8  [ 7E699FF5F59B5D9DE5390E3C34C67CF5, 3FCF0442D80AB181FED4303E570378736AA1F8718C0B8B70F689A1E45200FFE4 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
08:57:20.0953 0x00b8  RemoteAccess - ok
08:57:20.0968 0x00b8  [ 5B19B557B0C188210A56A6B699D90B8F, 0FA880B81AE615206FD1738B83428AAA491D54B24168339DE6E87FDE8C6C14B0 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
08:57:20.0968 0x00b8  RemoteRegistry - ok
08:57:21.0000 0x00b8  [ AAED593F84AFA419BBAE8572AF87CF6A, CC0FFC5A69394C8830DC66320DA01A820BBF41AD7E57D0FC343561DC5EF9A360 ] RpcLocator      C:\WINDOWS\system32\locator.exe
08:57:21.0015 0x00b8  RpcLocator - ok
08:57:21.0031 0x00b8  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] RpcSs           C:\WINDOWS\System32\rpcss.dll
08:57:21.0046 0x00b8  RpcSs - ok
08:57:21.0062 0x00b8  [ 471B3F9741D762ABE75E9DEEA4787E47, D9ADE42965EC22AEB4B2AD21D429C3C8232A60AA9853DEFDA7AED86A13FE8623 ] RSVP            C:\WINDOWS\system32\rsvp.exe
08:57:21.0078 0x00b8  RSVP - ok
08:57:21.0109 0x00b8  [ 89619EF503F949FAE09252A8B883EE11, D410C0BE5E930CABE5523FBE071814500AE9C7B29054DFE98B14904A4A221423 ] RTLE8023xp      C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
08:57:21.0125 0x00b8  RTLE8023xp - ok
08:57:21.0140 0x00b8  [ BF2466B3E18E970D8A976FB95FC1CA85, F7794B5D12DC5D820A162850F4388E2AA80426AD07CB221799CF941C682AB501 ] SamSs           C:\WINDOWS\system32\lsass.exe
08:57:21.0140 0x00b8  SamSs - ok
08:57:21.0156 0x00b8  [ 86D007E7A654B9A71D1D7D856B104353, 7B1DE53D637A5FC9619D5D07C48927AFEC89D959207F6F2E2F45DD054EEA04C7 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
08:57:21.0171 0x00b8  SCardSvr - ok
08:57:21.0187 0x00b8  [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA, 0B582F47BD70732BAC48B8B86E5D06CE7F299A20E8177F3F2E6F28217C3FB605 ] Schedule        C:\WINDOWS\system32\schedsvc.dll
08:57:21.0203 0x00b8  Schedule - ok
08:57:21.0218 0x00b8  [ 8D04819A3CE51B9EB47E5689B44D43C4, B0588AF967A7611F05BC8A8AD0C945DBB7BF995D7DA5C28FD0D007E33BF1F502 ] sdbus           C:\WINDOWS\system32\DRIVERS\sdbus.sys
08:57:21.0234 0x00b8  sdbus - ok
08:57:21.0234 0x00b8  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:57:21.0234 0x00b8  Secdrv - ok
08:57:21.0250 0x00b8  [ CBE612E2BB6A10E3563336191EDA1250, C331797DC3569F0E715766561DE2562F60B924378842246C35D2B1CF867E9D96 ] seclogon        C:\WINDOWS\System32\seclogon.dll
08:57:21.0265 0x00b8  seclogon - ok
08:57:21.0265 0x00b8  [ 7FDD5D0684ECA8C1F68B4D99D124DCD0, 7105B026F966A992430F86C3698ABE15EC73E4772F1A3E362E29FD5247A5DCA6 ] SENS            C:\WINDOWS\system32\sens.dll
08:57:21.0281 0x00b8  SENS - ok
08:57:21.0312 0x00b8  [ CCA207A8896D4C6A0C9CE29A4AE411A7, 5999B39242283CD803319AADCA171CCCC6E2A40FB2FAFA51B1D29F3FF2DD8D6C ] Serial          C:\WINDOWS\system32\drivers\Serial.sys
08:57:21.0312 0x00b8  Serial - ok
08:57:21.0343 0x00b8  [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy         C:\WINDOWS\system32\drivers\Sfloppy.sys
08:57:21.0343 0x00b8  Sfloppy - ok
08:57:21.0390 0x00b8  [ 83F41D0D89645D7235C051AB1D9523AC, B681F33EEAA511D6A2DCB9FBAA407B739184C9FF6067C6B7E51F1FC37E9D4DD7 ] SharedAccess    C:\WINDOWS\System32\ipnathlp.dll
08:57:21.0390 0x00b8  SharedAccess - ok
08:57:21.0421 0x00b8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
08:57:21.0421 0x00b8  ShellHWDetection - ok
08:57:21.0437 0x00b8  Simbad - ok
08:57:21.0453 0x00b8  [ 6B33D0EBD30DB32E27D1D78FE946A754, CDA3D082D370B079C06D943DA124D76BAF0C5DB264FB0C893148EF6322D2FABE ] sisagp          C:\WINDOWS\system32\DRIVERS\sisagp.sys
08:57:21.0453 0x00b8  sisagp - ok
08:57:21.0468 0x00b8  [ 83C0F71F86D3BDAF915685F3D568B20E, 10B24723914A5A9E27A592FD58DAE2207B6E49F13A17CD2B1477C51D2D609D2E ] Sparrow         C:\WINDOWS\system32\DRIVERS\sparrow.sys
08:57:21.0484 0x00b8  Sparrow - ok
08:57:21.0500 0x00b8  [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
08:57:21.0500 0x00b8  splitter - ok
08:57:21.0531 0x00b8  [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler         C:\WINDOWS\system32\spoolsv.exe
08:57:21.0531 0x00b8  Spooler - ok
08:57:21.0562 0x00b8  sprtsvc_dellsupportcenter - ok
08:57:21.0593 0x00b8  [ 76BB022C2FB6902FD5BDD4F78FC13A5D, 6031CB2344D7277FC703480EB43CF856A0F8F818EA98FF26A2CA532336CD2DFA ] sr              C:\WINDOWS\system32\DRIVERS\sr.sys
08:57:21.0593 0x00b8  sr - ok
08:57:21.0640 0x00b8  [ 3805DF0AC4296A34BA4BF93B346CC378, B57A14F1B7B0997E619DDD62B73157AA2399A9852166FB58139CBB358A88F6F3 ] srservice       C:\WINDOWS\system32\srsvc.dll
08:57:21.0640 0x00b8  srservice - ok
08:57:21.0671 0x00b8  [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv             C:\WINDOWS\system32\DRIVERS\srv.sys
08:57:21.0687 0x00b8  Srv - ok
08:57:21.0703 0x00b8  [ 0A5679B3714EDAB99E357057EE88FCA6, 01E1A101FFF48402C77E385A78FEF27876E04533B60EB1C18558A737E57E5FA8 ] SSDPSRV         C:\WINDOWS\System32\ssdpsrv.dll
08:57:21.0703 0x00b8  SSDPSRV - ok
08:57:21.0750 0x00b8  [ 8BAD69CBAC032D4BBACFCE0306174C30, 2AA0DA710FCBFF38FE8DA91EE02E7A4503269347E61F8D3246FCA3384BBA2305 ] stisvc          C:\WINDOWS\system32\wiaservc.dll
08:57:21.0765 0x00b8  stisvc - ok
08:57:21.0796 0x00b8  [ DE3E7A2345EBAA3CE8E6957DFB55FB15, DEFA772F7B08ADE3FCC4FDEDE14FD388E32E7395F44E67E3DAB2CD26E417D5C9 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
08:57:21.0796 0x00b8  stllssvr - ok
08:57:21.0812 0x00b8  [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum          C:\WINDOWS\system32\DRIVERS\swenum.sys
08:57:21.0812 0x00b8  swenum - ok
08:57:21.0843 0x00b8  [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi          C:\WINDOWS\system32\drivers\swmidi.sys
08:57:21.0843 0x00b8  swmidi - ok
08:57:21.0859 0x00b8  SwPrv - ok
08:57:21.0890 0x00b8  [ 1FF3217614018630D0A6758630FC698C, 78A3075BBFF5D7ADEAC1527E65ACA8527BFC509DF124D44410BB46C4D96C96BB ] symc810         C:\WINDOWS\system32\DRIVERS\symc810.sys
08:57:21.0890 0x00b8  symc810 - ok
08:57:21.0906 0x00b8  [ 070E001D95CF725186EF8B20335F933C, B98B29FB01741AF3B4BB02C76A4D117EA04FE4CC4F8CDB491F9216931704A6D8 ] symc8xx         C:\WINDOWS\system32\DRIVERS\symc8xx.sys
08:57:21.0906 0x00b8  symc8xx - ok
08:57:21.0906 0x00b8  [ 80AC1C4ABBE2DF3B738BF15517A51F2C, CCF82D09C63F4FA98BCBEF3A1DC8C02D4269B78256D0B6213E815D9BBE174432 ] sym_hi          C:\WINDOWS\system32\DRIVERS\sym_hi.sys
08:57:21.0921 0x00b8  sym_hi - ok
08:57:21.0921 0x00b8  [ BF4FAB949A382A8E105F46EBB4937058, FE7C114A19D50E37463CDD3605C26105A779EEA79CB92BF98267C7BE809D853B ] sym_u3          C:\WINDOWS\system32\DRIVERS\sym_u3.sys
08:57:21.0921 0x00b8  sym_u3 - ok
08:57:21.0937 0x00b8  [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio        C:\WINDOWS\system32\drivers\sysaudio.sys
08:57:21.0937 0x00b8  sysaudio - ok
08:57:22.0000 0x00b8  [ C7ABBC59B43274B1109DF6B24D617051, 4384CA0AA6CE9B603CF7DB775A3C721E46715D5B120B94FB57DEADAADE18535B ] SysmonLog       C:\WINDOWS\system32\smlogsvc.exe
08:57:22.0000 0x00b8  SysmonLog - ok
08:57:22.0031 0x00b8  [ 3CB78C17BB664637787C9A1C98F79C38, F35C31F6B7F366CB949D1044B357C76DEC9170441C5E559802794F62B72FD255 ] TapiSrv         C:\WINDOWS\System32\tapisrv.dll
08:57:22.0062 0x00b8  TapiSrv - ok
08:57:22.0109 0x00b8  [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip           C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:57:22.0140 0x00b8  Tcpip - ok
08:57:22.0171 0x00b8  [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE          C:\WINDOWS\system32\drivers\TDPIPE.sys
08:57:22.0187 0x00b8  TDPIPE - ok
08:57:22.0218 0x00b8  [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP           C:\WINDOWS\system32\drivers\TDTCP.sys
08:57:22.0218 0x00b8  TDTCP - ok
08:57:22.0234 0x00b8  [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD          C:\WINDOWS\system32\DRIVERS\termdd.sys
08:57:22.0250 0x00b8  TermDD - ok
08:57:22.0281 0x00b8  [ FF3477C03BE7201C294C35F684B3479F, D6246521539BA4ACD022D26983182F5E323D2EF1EA7C54265A248C43A1CE5202 ] TermService     C:\WINDOWS\System32\termsrv.dll
08:57:22.0296 0x00b8  TermService - ok
08:57:22.0312 0x00b8  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] Themes          C:\WINDOWS\System32\shsvcs.dll
08:57:22.0312 0x00b8  Themes - ok
08:57:22.0328 0x00b8  [ DB7205804759FF62C34E3EFD8A4CC76A, 13A4248F528CE98ACA66898E56822E4FC49B11F491FF1F61A687BA601BF0A802 ] TlntSvr         C:\WINDOWS\system32\tlntsvr.exe
08:57:22.0328 0x00b8  TlntSvr - ok
08:57:22.0359 0x00b8  [ F2790F6AF01321B172AA62F8E1E187D9, 5644B5EFA0065C0CC9DB28E5520AAD2F4B3BCE48337F165BF9F166ECC164630C ] TosIde          C:\WINDOWS\system32\DRIVERS\toside.sys
08:57:22.0359 0x00b8  TosIde - ok
08:57:23.0609 0x00b8  ================ Scan global ===============================
08:57:23.0640 0x00b8  [ 42F1F4C0AFB08410E5F02D4B13EBB623, 924C30587C51C0D1E1F47991969AF492A644552E15F2480EA991DCB74A3E68D5 ] C:\WINDOWS\system32\basesrv.dll
08:57:23.0671 0x00b8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
08:57:23.0703 0x00b8  [ 69AE2B2E6968C316536E5B10B9702E63, D9C5DA7A20DDE69D91E72400C3F06F3CB099DEF42EA6C53FCE076258A0C22391 ] C:\WINDOWS\system32\winsrv.dll
08:57:23.0718 0x00b8  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] C:\WINDOWS\system32\services.exe
08:57:23.0718 0x00b8  [ Global ] - ok
08:57:23.0718 0x00b8  ================ Scan MBR ==================================
08:57:23.0734 0x00b8  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
08:57:23.0921 0x00b8  \Device\Harddisk0\DR0 - ok
08:57:23.0921 0x00b8  ================ Scan VBR ==================================
08:57:23.0921 0x00b8  [ 8BD15E07FA6C30ED688C893C34679773 ] \Device\Harddisk0\DR0\Partition1
08:57:23.0921 0x00b8  \Device\Harddisk0\DR0\Partition1 - ok
08:57:23.0921 0x00b8  Waiting for KSN requests completion. In queue: 202
08:57:24.0921 0x00b8  Waiting for KSN requests completion. In queue: 202
08:57:25.0921 0x00b8  Waiting for KSN requests completion. In queue: 202
08:57:26.0953 0x00b8  AV detected via SS1: Microsoft Security Essentials, 4.4.0304.0, disabled, updated
08:57:26.0953 0x00b8  Win FW state via NFM: enabled
08:57:29.0453 0x00b8  ============================================================
08:57:29.0453 0x00b8  Scan finished
08:57:29.0453 0x00b8  ============================================================
08:57:29.0468 0x0b58  Detected object count: 0
08:57:29.0468 0x0b58  Actual detected object count: 0
09:00:35.0578 0x0bbc  Deinitialize success
 
ADWCLEANER
# AdwCleaner v3.016 - Report created 23/12/2013 at 09:01:22
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Jeff - JEFF
# Running from : C:\Documents and Settings\Jeff\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A498D792D0AD2F4DADF03B3C066122B
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C697F962E048A434B8AE269E702964C8
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [842 octets] - [28/09/2013 11:10:55]
AdwCleaner[R1].txt - [1048 octets] - [31/10/2013 11:14:29]
AdwCleaner[R2].txt - [1109 octets] - [01/11/2013 06:32:19]
AdwCleaner[R3].txt - [10945 octets] - [02/11/2013 08:35:42]
AdwCleaner[R4].txt - [1488 octets] - [21/12/2013 10:20:46]
AdwCleaner[R5].txt - [1343 octets] - [21/12/2013 10:28:29]
AdwCleaner[R6].txt - [1288 octets] - [23/12/2013 09:01:22]
AdwCleaner[S0].txt - [908 octets] - [28/09/2013 11:11:48]
AdwCleaner[S1].txt - [1179 octets] - [01/11/2013 06:33:09]
AdwCleaner[S2].txt - [11107 octets] - [02/11/2013 08:36:28]
AdwCleaner[S3].txt - [1553 octets] - [21/12/2013 10:24:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R6].txt - [1588 octets] ##########
 
Thanks Vdicaprio


#4 jeffce


Posted 25 December 2013 - 12:30 PM

Hi,
 
Sorry for any delay....not sure what happened? 
 
Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.  Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



RCUpdate1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet.  The connection is automatically restored before CF completes its run.  If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
4. If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
----------


 
 

#5 vdicaprio


Posted 26 December 2013 - 06:58 AM

Jeff

 

Thanks - here is the CF log.

 

ComboFix 13-12-26.01 - Jeff 12/26/2013   7:43.7.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2241 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LEVEL_QUALITY_WATCHER
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-26 to 2013-12-26  )))))))))))))))))))))))))))))))
.
.
2013-12-24 13:38 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8994DD20-F033-4CC9-80B2-2C856C55E393}\mpengine.dll
2013-12-23 14:05 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-21 16:55 . 2013-12-21 16:55 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\PDF Writer
2013-12-21 15:29 . 2013-12-21 15:30 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-12-20 22:59 . 2013-12-20 22:59 -------- d-----w- c:\program files\Enigma Software Group
2013-12-20 22:59 . 2013-12-20 23:15 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-20 22:59 . 2013-12-20 22:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-12-12 13:50 . 2013-12-12 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-11-26 20:51 . 2013-12-21 16:16 -------- d-----w- C:\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 16:22 . 2012-04-03 19:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 16:22 . 2011-05-19 11:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2011-06-25 15:02 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59 . 2008-04-25 16:16 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-08 12:45 . 2013-11-01 18:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-07 05:38 . 2008-04-25 16:16 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 11:59 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2008-04-25 16:16 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2008-04-25 16:16 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2008-04-25 16:16 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-25 16:16 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2008-04-25 16:16 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-25 16:16 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-25 16:16 603136 ----a-w- c:\windows\system32\crypt32.dll
2013-09-27 14:53 . 2010-10-25 01:25 214696 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn8\yt.dll" [2013-05-01 1500952]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 20:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 20:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 20:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 14:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 19:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21 16855552 ------w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [9/4/2008 2:25 PM 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/4/2008 2:25 PM 43480]
S2 elAPIsvc;elAPI - Service Server;c:\program files\DOS2USB\elsvc.exe [10/14/2010 4:08 PM 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-20 23:32 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:22]
.
2012-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-18 20:58]
.
2013-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-18 20:58]
.
2013-12-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
.
2013-12-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2013-12-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: bxcleve.com\www
Trusted Zone: bxohio.com\www
Trusted Zone: private-planroom.com\subs
Trusted Zone: private-planroom.com\www
TCP: DhcpNameServer = 192.168.254.254
DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} - hxxp://www.ipinviewer.com/binInstall/IVSLite.CAB
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Dell QuickSet - c:\program files\Dell\QuickSet\quickset.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-26 07:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\DKabcoms.exe
c:\program files\Dell Network Assistant\hnm_svc.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2013-12-26  07:54:01 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-26 12:53
.
Pre-Run: 119,123,779,584 bytes free
Post-Run: 119,448,096,768 bytes free
.
- - End Of File - - 46ACB4E2285A6DE192FBB7D8111F37B1
8F558EB6672622401DA993E1E865C861
 
Vdicaprio


#6 jeffce


Posted 26 December 2013 - 07:09 AM

Hi,
 
ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::

    DDS::
    Trusted Zone: bxcleve.com\www
    Trusted Zone: bxohio.com\www
    Trusted Zone: private-planroom.com\subs
    Trusted Zone: private-planroom.com\www

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
 
Post the new ComboFix log and let me know how your system is running now.  :)


 
 

#7 vdicaprio


Posted 26 December 2013 - 04:04 PM

Jeff

 

New ComboFix log is below.  The computer seems to be better but I still see the "Level Quality Watcher" in the add / remove programs list.

 

ComboFix 13-12-26.01 - Jeff 12/26/2013  16:55:40.8.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2352 [GMT -5:00]
Running from: c:\documents and settings\Jeff\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jeff\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-26 to 2013-12-26  )))))))))))))))))))))))))))))))
.
.
2013-12-26 13:01 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{90DA234B-4D17-47DC-9E0B-A9B84E12D974}\mpengine.dll
2013-12-26 12:57 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-21 16:55 . 2013-12-21 16:55 -------- d-----w- c:\documents and settings\Jeff\Local Settings\Application Data\PDF Writer
2013-12-21 15:29 . 2013-12-21 15:30 -------- d-----w- c:\program files\Hosts_Anti_Adwares_PUPs
2013-12-20 22:59 . 2013-12-20 22:59 -------- d-----w- c:\program files\Enigma Software Group
2013-12-20 22:59 . 2013-12-20 23:15 -------- d-----w- c:\windows\220FB0354744483A9A0B41DF77061583.TMP
2013-12-20 22:59 . 2013-12-20 22:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-12-12 13:50 . 2013-12-12 13:50 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 16:22 . 2012-04-03 19:33 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 16:22 . 2011-05-19 11:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2011-06-25 15:02 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59 . 2008-04-25 16:16 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-08 12:45 . 2013-11-01 18:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-07 05:38 . 2008-04-25 16:16 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03 . 2009-04-17 11:59 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26 . 2008-04-25 16:16 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57 . 2008-04-25 16:16 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 07:57 . 2008-04-25 16:16 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 00:45 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2013-10-23 23:45 . 2008-04-25 16:16 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56 . 2008-04-25 16:16 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12 . 2008-04-25 16:16 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59 . 2008-04-25 16:16 603136 ----a-w- c:\windows\system32\crypt32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn8\yt.dll" [2013-05-01 1500952]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2013-10-10 20:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2013-10-10 20:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2013-10-10 20:26 1021448 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 137752]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-30 2220032]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2013-10-10 1056264]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [2000-1-21 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-21 21:24 159744 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 11:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellAutomatedPCTuneUp]
2007-10-11 14:49 465136 ----a-w- c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-02-28 19:59 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 18:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-21 21:21 16855552 ------w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 dkab_device;dkab_device;c:\windows\system32\DKabcoms.exe -service --> c:\windows\system32\DKabcoms.exe -service [?]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [9/4/2008 2:25 PM 48472]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [9/4/2008 2:25 PM 43480]
S2 elAPIsvc;elAPI - Service Server;c:\program files\DOS2USB\elsvc.exe [10/14/2010 4:08 PM 45056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-20 23:32 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 16:22]
.
2012-08-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-18 20:58]
.
2013-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-18 20:58]
.
2013-12-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 20:01]
.
2013-12-23 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]
.
2013-12-26 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.254.254
DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} - hxxp://www.ipinviewer.com/binInstall/IVSLite.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-26 16:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(900)
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2840)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2013-12-26  17:00:46
ComboFix-quarantined-files.txt  2013-12-26 22:00
ComboFix2.txt  2013-12-26 12:54
.
Pre-Run: 119,179,964,416 bytes free
Post-Run: 118,954,209,280 bytes free
.
- - End Of File - - EB41048209D6CD8D44B46C20A777847A
8F558EB6672622401DA993E1E865C861
 

thanks  Vdicaprio



#8 jeffce


Posted 26 December 2013 - 07:50 PM

Ok thanks for letting me know.  :)
 

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

----------


 
 

#9 vdicaprio


Posted 27 December 2013 - 06:42 AM

Jeff

 

I am unable to get / find the Extras.txt file.  The first time I ran OTL it opened two files in notepad, like it was going to create the OTL.txt and Extras.txt but both were empty.  When I ran OTL a second time it automatically opened up OTL.txt in notepad but there was no Extras.txt.  I have searched the entire hard drive and cannot find the Extras.txt log.  I ran OTL a couple more times and all I get is the OTL.txt file so it is attached below:

 

OTL logfile created on: 12/27/2013 7:35:39 AM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jeff\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 81.63% Memory free
4.83 Gb Paging File | 4.50 Gb Available in Paging File | 93.19% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 111.14 Gb Free Space | 79.82% Space Free | Partition Type: NTFS
 
Computer Name: JEFF | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Jeff\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\DOS2USB\elsvc.exe ()
PRC - C:\WINDOWS\system32\dkabcoms.exe ( )
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\DOS2USB\elsvc.exe ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (elAPIsvc) -- C:\Program Files\DOS2USB\elsvc.exe ()
SRV - (dkab_device) -- C:\WINDOWS\system32\dkabcoms.exe ( )
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (DellAMBrokerService) -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe ()
SRV - (hnmsvc) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe (SingleClick Systems)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro )
DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro )
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (datunidr) -- C:\WINDOWS\system32\drivers\datunidr.sys (Gteko Ltd.)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (Packet) -- C:\WINDOWS\system32\drivers\packet.sys (SingleClick Systems)
DRV - (PTproct) -- C:\Program Files\DellAutomatedPCTuneUp\GTAction\triggers\PTproct.sys (Gteko Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=5080904
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6D847C66-4573-4D5D-B07B-F81C8AC872E3}: "URL" = http://delicious.com...p={searchTerms}
IE - HKCU\..\SearchScopes\{8C80695A-5A4F-4A6F-A826-183C8E3EA926}: "URL" = http://www.flickr.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{DEC54E9A-A441-4B15-8AFF-FE57F978619F}: "URL" = http://search.yahoo....f-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{FA17FB25-75B8-4665-B6AA-5F88C81D4CC4}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...={searchTerms},
CHR - Extension: Google Docs = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Jeff\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2013/12/26 07:49:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.1.cab (AlternaTIFF ActiveX)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4A769165-055C-4566-ABBB-3EA82DD4F8AE} http://www.ipinviewe...all/IVSLite.CAB (IVSLite.FastViewer)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1296769982640 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.we...ent/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1335B6E7-E3A1-4A35-B017-7332703EB27C}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/27 07:23:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/12/27 07:15:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2013/12/26 07:41:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/12/26 07:41:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/12/26 07:41:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/12/26 07:41:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/12/26 07:41:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/26 07:37:10 | 005,158,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2013/12/23 08:50:01 | 004,121,952 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeff\Desktop\tdsskiller.exe
[2013/12/23 08:48:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.com
[2013/12/21 11:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Local Settings\Application Data\PDF Writer
[2013/12/21 11:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bullzip
[2013/12/21 11:52:56 | 000,227,840 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzFlRdr.dll
[2013/12/21 11:52:56 | 000,147,456 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzpdfc.dll
[2013/12/21 11:52:56 | 000,103,424 | ---- | C] (Bullzip) -- C:\WINDOWS\System32\bzDCT.dll
[2013/12/21 11:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeff\Application Data\PDF Writer
[2013/12/21 11:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2013/12/21 11:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2013/12/21 11:52:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bullzip
[2013/12/21 11:26:31 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jeff\Desktop\HijackThis.exe
[2013/12/21 10:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\Hosts_Anti_Adwares_PUPs
[2013/12/20 18:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2013/12/20 17:59:56 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/20 17:59:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/12/13 08:56:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/12/12 08:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/27 07:22:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/27 07:21:06 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/27 07:15:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeff\Desktop\OTL.exe
[2013/12/27 07:11:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/27 07:11:07 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 07:11:00 | 000,002,048 | ---- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/27 07:10:58 | 3211,186,176 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/26 16:54:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 16:01:34 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2013/12/26 14:08:10 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Microsoft Word.lnk
[2013/12/26 07:49:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/26 07:37:25 | 005,158,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
[2013/12/24 08:52:05 | 000,191,278 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\Medina Hospital Boiler Replacement RFP V1.pdf
[2013/12/23 08:51:03 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\AdwCleaner.exe
[2013/12/23 08:48:52 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Jeff\Desktop\dds.com
[2013/12/23 08:36:03 | 000,000,564 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2013/12/21 11:52:59 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Bullzip PDF Printer.lnk
[2013/12/21 11:26:35 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jeff\Desktop\HijackThis.exe
[2013/12/21 10:09:20 | 000,001,833 | ---- | M] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/20 18:32:24 | 000,001,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/20 17:38:51 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2013/12/20 14:39:22 | 000,100,386 | ---- | M] () -- C:\Documents and Settings\Jeff\My Documents\PO #2130057; C516552-2-2.pdf
[2013/12/17 12:49:21 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\Jeff\Desktop\Microsoft Excel.lnk
[2013/12/13 08:56:14 | 000,001,917 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/12/13 08:12:30 | 000,000,130 | ---- | M] () -- C:\WINDOWS\IVSLite.ini
[2013/12/12 16:56:28 | 000,409,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/12 12:02:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/11 11:22:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 11:22:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/26 07:41:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/12/26 07:41:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/12/26 07:41:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/12/26 07:41:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/12/26 07:41:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/12/24 08:52:05 | 000,191,278 | ---- | C] () -- C:\Documents and Settings\Jeff\My Documents\Medina Hospital Boiler Replacement RFP V1.pdf
[2013/12/21 11:52:59 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\Bullzip PDF Printer.lnk
[2013/12/21 11:52:47 | 000,476,160 | ---- | C] () -- C:\WINDOWS\System32\TabStripCtlU.ocx
[2013/12/21 11:52:46 | 001,103,872 | ---- | C] () -- C:\WINDOWS\System32\CBLCtlsU.ocx
[2013/12/21 11:52:46 | 001,061,888 | ---- | C] () -- C:\WINDOWS\System32\ExLvwU.ocx
[2013/12/21 11:52:46 | 000,805,376 | ---- | C] () -- C:\WINDOWS\System32\EditCtlsU.ocx
[2013/12/21 11:52:46 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\BtnCtlsU.ocx
[2013/12/21 11:52:46 | 000,539,648 | ---- | C] () -- C:\WINDOWS\System32\LblCtlsU.ocx
[2013/12/21 10:18:21 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\Jeff\Desktop\AdwCleaner.exe
[2013/12/20 18:32:24 | 000,001,833 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/20 18:32:24 | 000,001,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/20 14:39:22 | 000,100,386 | ---- | C] () -- C:\Documents and Settings\Jeff\My Documents\PO #2130057; C516552-2-2.pdf
[2013/12/13 08:56:14 | 000,001,917 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/10/14 13:01:27 | 000,579,008 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/10/11 11:59:29 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Jeff\Application Data\mbam.context.scan
[2013/06/10 07:13:59 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/06/10 07:13:44 | 000,413,738 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2012/02/16 10:08:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/10/14 16:08:43 | 000,010,534 | ---- | C] () -- C:\Documents and Settings\All Users\snddrv.sys
[2010/10/14 16:08:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jeff\dos2usb.spl
[2009/02/12 16:38:57 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/29 09:55:42 | 000,080,592 | ---- | C] () -- C:\Documents and Settings\Jeff\Gwbasic.exe
[2008/10/29 09:54:23 | 000,054,310 | -H-- | C] () -- C:\Documents and Settings\Jeff\F95dbj.bas
[2008/10/29 09:54:23 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Jeff\FWH.BAT
[2008/10/29 09:54:23 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Jeff\ccbw.bat
[2008/10/29 09:54:23 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\Jeff\cend.bat
[2008/10/17 09:19:54 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Jeff\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2008/04/25 16:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 03:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/07/30 06:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF980008AC030000EB4B7B07D287
[2010/05/03 15:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2012/09/01 12:34:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Carbonite
[2013/10/16 10:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dpWW3333
[2011/02/16 08:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2013/12/12 08:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2011/03/09 15:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2013/12/21 11:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2013/12/20 17:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/10/02 13:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008/10/09 19:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/09/04 11:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2009/05/05 08:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\Autodesk
[2011/03/09 15:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\PCDr
[2013/12/21 11:55:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\PDF Writer
[2010/03/24 09:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\pdf995
[2013/04/04 09:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jeff\Application Data\webex
 
========== Purity Check ==========
 
 
 
< End of report >


#10 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 27 December 2013 - 07:12 AM

Ok no worries.....OTL only makes the Extras.txt on the first run of the tool.  Let's get another copy.  :)
 

Please open OTL.

  • Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out).
  • In the Extra Registry section, change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open 2 notepad windows, OTL.Txt and Extras.txt. Please post the Extras.txt.


#11 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • 89 posts

Posted 27 December 2013 - 01:22 PM

Jeff

 

I got it this time.  Extras.txt posted below:

 

OTL Extras logfile created on: 12/27/2013 2:18:31 PM - Run 7
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Jeff\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.99 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 82.61% Memory free
4.83 Gb Paging File | 4.51 Gb Available in Paging File | 93.38% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.25 Gb Total Space | 111.03 Gb Free Space | 79.74% Space Free | Partition Type: NTFS
 
Computer Name: JEFF | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- "%1" %*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.scr [@ = DWGTrueViewScriptFile] -- C:\WINDOWS\System32\notepad.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0D691876-ABA3-4D11-95FA-0A2232FCE055}" = Chimney Sizer 4.1
"{0F9F2CFA-7810-49BD-B933-2E8128767960}" = IPIN Viewing System Professional
"{10AB8F68-6962-4ACA-AE28-2600828B62AE}" = Kyocera TWAIN Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{373B90E1-A28C-434C-92B6-7281AFA6115A}" = WOT for Internet Explorer
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B4D15B5-C666-490D-AF91-0EEEDE73E2E2}" = SecureQuote
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EBC0489-5E47-498D-BE31-B094484612E9}" = Autodesk Revit Building 8.1
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AudibleManager" = AudibleManager
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"BLCC5" = BLCC5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 10.1.0.1871
"Carbonite Backup" = Carbonite
"Dell Laser MFP 1600n" = Dell Laser MFP 1600n Software Uninstall
"Dell Support Center" = Dell Support Center
"Dell_HostCD" = Dell Printer Software Uninstall
"DWG TrueView 2010" = DWG TrueView 2010
"FastBidX Plugin" = FastBidX Plugin (remove only)
"Google Chrome" = Google Chrome
"Graph_is1" = Graph 4.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hurst CAD Library (Hurst)" = Hurst CAD Library 3.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{10AB8F68-6962-4ACA-AE28-2600828B62AE}" = Kyocera TWAIN Driver
"Kyocera Product Library" = Kyocera Product Library
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SpywareBlaster_is1" = SpywareBlaster 4.6
"ST6UNST #1" = Metal-Fab Pipe Sizing Program
"ST6UNST #2" = Exhaust Sizing Program
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.8.0.723
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/23/2013 7:56:59 AM | Computer Name = JEFF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10003.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 10/23/2013 7:57:03 AM | Computer Name = JEFF | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data  will not
 be returned. Error code returned is in data DWORD 0.
 
Error - 10/24/2013 7:29:25 AM | Computer Name = JEFF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10003.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 10/24/2013 7:29:27 AM | Computer Name = JEFF | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data  will not
 be returned. Error code returned is in data DWORD 0.
 
Error - 10/25/2013 7:56:40 AM | Computer Name = JEFF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
 P4 1.1.10003.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
 
Error - 10/25/2013 7:56:44 AM | Computer Name = JEFF | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data  will not
 be returned. Error code returned is in data DWORD 0.
 
Error - 10/25/2013 4:09:12 PM | Computer Name = JEFF | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
 valid source could be found for product Microsoft Office 2000 SR-1 Professional.
  The Windows installer cannot continue.
 
Error - 10/25/2013 4:22:00 PM | Computer Name = JEFF | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
 valid source could be found for product Microsoft Office 2000 SR-1 Professional.
  The Windows installer cannot continue.
 
Error - 10/25/2013 4:25:52 PM | Computer Name = JEFF | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
 valid source could be found for product Microsoft Office 2000 SR-1 Professional.
  The Windows installer cannot continue.
 
Error - 10/25/2013 4:27:24 PM | Computer Name = JEFF | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 SR-1 Professional -- Error 1706. No
 valid source could be found for product Microsoft Office 2000 SR-1 Professional.
  The Windows installer cannot continue.
 
[ System Events ]
Error - 12/27/2013 8:46:22 AM | Computer Name = JEFF | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (dellsupportcenter) service failed
 to start due to the following error:   %%2
 
Error - 12/27/2013 8:46:53 AM | Computer Name = JEFF | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service CarboniteService
 with arguments ""  in order to run the server:  {36471C67-6A93-4434-92CC-4C614CD06666}
 
Error - 12/27/2013 8:46:54 AM | Computer Name = JEFF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the CarboniteService service
 to connect.
 
Error - 12/27/2013 8:46:54 AM | Computer Name = JEFF | Source = Service Control Manager | ID = 7000
Description = The CarboniteService service failed to start due to the following 
error:   %%1053
 
Error - 12/27/2013 2:35:36 PM | Computer Name = JEFF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the CarboniteService service
 to connect.
 
Error - 12/27/2013 2:35:36 PM | Computer Name = JEFF | Source = Service Control Manager | ID = 7000
Description = The CarboniteService service failed to start due to the following 
error:   %%1053
 
Error - 12/27/2013 2:35:36 PM | Computer Name = JEFF | Source = Service Control Manager | ID = 7000
Description = The SupportSoft Sprocket Service (dellsupportcenter) service failed
 to start due to the following error:   %%2
 
Error - 12/27/2013 2:36:07 PM | Computer Name = JEFF | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service CarboniteService
 with arguments ""  in order to run the server:  {36471C67-6A93-4434-92CC-4C614CD06666}
 
Error - 12/27/2013 2:36:07 PM | Computer Name = JEFF | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the CarboniteService service
 to connect.
 
Error - 12/27/2013 2:36:07 PM | Computer Name = JEFF | Source = Service Control Manager | ID = 7000
Description = The CarboniteService service failed to start due to the following 
error:   %%1053
 
 
< End of report >
 
Thanks Vdicaprio


#12 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 27 December 2013 - 01:39 PM

Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.

C:\Documents and Settings\All Users\snddrv.sys


Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.
 
 

#13 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • 89 posts

Posted 27 December 2013 - 02:06 PM

Jeff

 

I ran the virus tool - the link to the result is below:

 

https://www.virustot...sis/1388174664/

 

Vdicaprio



#14 jeffce

jeffce

    Malware Guy

  • Authentic Member
  • 8,693 posts

Posted 27 December 2013 - 02:11 PM

Out of curiosity....is this a work computer?? 


 
 

#15 vdicaprio

vdicaprio

    Authentic Member

  • Authentic Member
  • 89 posts

Posted 27 December 2013 - 03:07 PM

Yes

