WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

IE10 browser & Outlook.com erratic [Solved]

Started by kangaroo , Jan 19 2014 11:13 PM

This topic is locked

35 replies to this topic

#16 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 26 January 2014 - 07:53 PM

Hi Tomk,

I've run the TDSSKiller scan but it didn't go quite according to directions. In Step 6, the three options offered were Skip, Copy to Quarantine, and Delete. There was no option to Cure!

I've left the option on Skip and it just completed the scan. No offer to reboot but just returned to the first screen to Start Scan with found objects as in screen snip.

By the way, Change Parameters screen was a little different. Objects to Scan gave 4 options, three of which were ticked (see attached screen snip); I left those parameters as default and ticked the Additional items you advised.

I've also attached screen snips of the results and completed windows.

Here is the report created:

12:07:09.0734 5000 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:07:09.0754 5000 ============================================================
12:07:09.0754 5000 Current date / time: 2014/01/27 12:07:09.0754
12:07:09.0754 5000 SystemInfo:
12:07:09.0754 5000
12:07:09.0754 5000 OS Version: 6.1.7601 ServicePack: 1.0
12:07:09.0754 5000 Product type: Workstation
12:07:09.0754 5000 ComputerName: HEATHER-PC
12:07:09.0754 5000 UserName: Heather
12:07:09.0754 5000 Windows directory: C:\Windows
12:07:09.0754 5000 System windows directory: C:\Windows
12:07:09.0754 5000 Running under WOW64
12:07:09.0754 5000 Processor architecture: Intel x64
12:07:09.0754 5000 Number of processors: 2
12:07:09.0754 5000 Page size: 0x1000
12:07:09.0754 5000 Boot type: Normal boot
12:07:09.0754 5000 ============================================================
12:07:10.0094 5000 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:07:10.0114 5000 Drive \Device\Harddisk2\DR2 - Size: 0x1EF80000 (0.48 Gb), SectorSize: 0x200, Cylinders: 0x3F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:07:10.0124 5000 ============================================================
12:07:10.0124 5000 \Device\Harddisk0\DR0:
12:07:10.0124 5000 MBR partitions:
12:07:10.0124 5000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
12:07:10.0124 5000 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x38625830
12:07:10.0124 5000 \Device\Harddisk2\DR2:
12:07:10.0124 5000 MBR partitions:
12:07:10.0124 5000 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x4, StartLBA 0x20, BlocksNum 0xF7BE0
12:07:10.0124 5000 ============================================================
12:07:10.0154 5000 C: <-> \Device\Harddisk0\DR0\Partition2
12:07:10.0154 5000 ============================================================
12:07:10.0154 5000 Initialize success
12:07:10.0154 5000 ============================================================
12:08:08.0388 4804 ============================================================
12:08:08.0388 4804 Scan started
12:08:08.0388 4804 Mode: Manual; SigCheck; TDLFS;
12:08:08.0388 4804 ============================================================
12:08:08.0528 4804 ================ Scan system memory ========================
12:08:08.0528 4804 System memory - ok
12:08:08.0528 4804 ================ Scan services =============================
12:08:08.0728 4804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
12:08:08.0838 4804 1394ohci - ok
12:08:08.0878 4804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
12:08:08.0918 4804 ACPI - ok
12:08:08.0958 4804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
12:08:09.0038 4804 AcpiPmi - ok
12:08:09.0178 4804 [ B362181ED3771DC03B4141927C80F801 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:08:09.0198 4804 AdobeARMservice - ok
12:08:09.0348 4804 [ 1BA1AB4141A92EB34DA99F1249CA2D4D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:08:09.0378 4804 AdobeFlashPlayerUpdateSvc - ok
12:08:09.0448 4804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
12:08:09.0478 4804 adp94xx - ok
12:08:09.0518 4804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
12:08:09.0548 4804 adpahci - ok
12:08:09.0598 4804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
12:08:09.0628 4804 adpu320 - ok
12:08:09.0658 4804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:08:09.0818 4804 AeLookupSvc - ok
12:08:09.0868 4804 [ 79059559E89D06E8B80CE2944BE20228 ] AFD             C:\Windows\system32\drivers\afd.sys
12:08:09.0948 4804 AFD - ok
12:08:09.0988 4804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:08:10.0018 4804 agp440 - ok
12:08:10.0060 4804 [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
12:08:10.0110 4804 ALG - ok
12:08:10.0180 4804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:08:10.0200 4804 aliide - ok
12:08:10.0240 4804 [ 9A5495EDEBE7D6B3F7E9A86EBE5EA248 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:08:10.0300 4804 AMD External Events Utility - ok
12:08:10.0340 4804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:08:10.0360 4804 amdide - ok
12:08:10.0400 4804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:08:10.0460 4804 AmdK8 - ok
12:08:10.0480 4804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
12:08:10.0520 4804 AmdPPM - ok
12:08:10.0570 4804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
12:08:10.0590 4804 amdsata - ok
12:08:10.0620 4804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
12:08:10.0650 4804 amdsbs - ok
12:08:10.0680 4804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
12:08:10.0700 4804 amdxata - ok
12:08:10.0730 4804 [ 98449A2957778A6F025C418438A380F4 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
12:08:10.0770 4804 ApfiltrService - ok
12:08:10.0840 4804 [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
12:08:11.0010 4804 AppID - ok
12:08:11.0030 4804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
12:08:11.0120 4804 AppIDSvc - ok
12:08:11.0190 4804 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
12:08:11.0250 4804 Appinfo - ok
12:08:11.0320 4804 [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
12:08:11.0350 4804 arc - ok
12:08:11.0370 4804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
12:08:11.0390 4804 arcsas - ok
12:08:11.0480 4804 [ 57483E691D635510533E081EC4CB81EC ] aswKbd          C:\Windows\system32\drivers\aswKbd.sys
12:08:11.0510 4804 aswKbd - ok
12:08:11.0570 4804 [ 9C2BEA3957EFFD45F352F0938DFB3721 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
12:08:11.0600 4804 aswMonFlt - ok
12:08:11.0670 4804 [ 679712B7A353EE665B9301592164A172 ] aswRdr          C:\Windows\system32\drivers\aswRdr2.sys
12:08:11.0700 4804 aswRdr - ok
12:08:11.0760 4804 [ C04F7B373881009D7994D9BF55D24AB4 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
12:08:11.0790 4804 aswRvrt - ok
12:08:11.0850 4804 [ 52B5F8FAF7E78C02D26B0B6E3A05F596 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
12:08:11.0900 4804 aswSnx - ok
12:08:11.0980 4804 [ 251360C2FCA22BAFE0583314B3262F98 ] aswSP           C:\Windows\system32\drivers\aswSP.sys
12:08:12.0020 4804 aswSP - ok
12:08:12.0060 4804 [ AAB5F5336EDBB5D99CC7E1A9F4D8F63F ] aswStm          C:\Windows\system32\drivers\aswStm.sys
12:08:12.0090 4804 aswStm - ok
12:08:12.0140 4804 [ 90399625F341AB76BA4B85A5E860EB1F ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
12:08:12.0170 4804 aswVmm - ok
12:08:12.0210 4804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:08:12.0280 4804 AsyncMac - ok
12:08:12.0330 4804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
12:08:12.0360 4804 atapi - ok
12:08:12.0520 4804 [ A08339AE90972E268B9622C668F450E8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
12:08:12.0700 4804 atikmdag - ok
12:08:12.0790 4804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:08:12.0890 4804 AudioEndpointBuilder - ok
12:08:12.0900 4804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
12:08:12.0950 4804 AudioSrv - ok
12:08:13.0060 4804 [ D74884939D53612FD84AC82C59CCFE27 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
12:08:13.0090 4804 avast! Antivirus - ok
12:08:13.0130 4804 [ 1247D6B0F35AA93774CFBFD73203D857 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe
12:08:13.0170 4804 avast! Firewall - ok
12:08:13.0250 4804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
12:08:13.0340 4804 AxInstSV - ok
12:08:13.0380 4804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
12:08:13.0430 4804 b06bdrv - ok
12:08:13.0470 4804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
12:08:13.0530 4804 b57nd60a - ok
12:08:13.0570 4804 [ E001DD475A7C27EBE5A0DB45C11BAD71 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
12:08:13.0590 4804 BCM42RLY - ok
12:08:13.0690 4804 [ F4CD5F52850BF2C978DE178F256BA372 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
12:08:13.0750 4804 BCM43XX - ok
12:08:13.0800 4804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
12:08:13.0840 4804 BDESVC - ok
12:08:13.0890 4804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:08:13.0980 4804 Beep - ok
12:08:14.0060 4804 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
12:08:14.0150 4804 BFE - ok
12:08:14.0190 4804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
12:08:14.0270 4804 BITS - ok
12:08:14.0570 4804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
12:08:14.0620 4804 blbdrive - ok
12:08:14.0680 4804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:08:14.0730 4804 bowser - ok
12:08:14.0760 4804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:08:14.0800 4804 BrFiltLo - ok
12:08:14.0820 4804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:08:14.0870 4804 BrFiltUp - ok
12:08:14.0940 4804 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
12:08:15.0020 4804 BridgeMP - ok
12:08:15.0060 4804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
12:08:15.0120 4804 Browser - ok
12:08:15.0150 4804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
12:08:15.0190 4804 Brserid - ok
12:08:15.0210 4804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
12:08:15.0250 4804 BrSerWdm - ok
12:08:15.0300 4804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
12:08:15.0370 4804 BrUsbMdm - ok
12:08:15.0380 4804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
12:08:15.0420 4804 BrUsbSer - ok
12:08:15.0460 4804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
12:08:15.0520 4804 BTHMODEM - ok
12:08:15.0560 4804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
12:08:15.0610 4804 bthserv - ok
12:08:15.0670 4804 catchme - ok
12:08:15.0740 4804 [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:08:15.0810 4804 cdfs - ok
12:08:15.0860 4804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:08:15.0890 4804 cdrom - ok
12:08:15.0930 4804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
12:08:16.0010 4804 CertPropSvc - ok
12:08:16.0040 4804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
12:08:16.0100 4804 circlass - ok
12:08:16.0160 4804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
12:08:16.0190 4804 CLFS - ok
12:08:16.0250 4804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:08:16.0280 4804 clr_optimization_v2.0.50727_32 - ok
12:08:16.0340 4804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:08:16.0370 4804 clr_optimization_v2.0.50727_64 - ok
12:08:16.0450 4804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:08:16.0470 4804 clr_optimization_v4.0.30319_32 - ok
12:08:16.0500 4804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:08:16.0520 4804 clr_optimization_v4.0.30319_64 - ok
12:08:16.0550 4804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:08:16.0610 4804 CmBatt - ok
12:08:16.0650 4804 [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:08:16.0680 4804 cmdide - ok
12:08:16.0730 4804 [ EBF28856F69CF094A902F884CF989706 ] CNG             C:\Windows\system32\Drivers\cng.sys
12:08:16.0770 4804 CNG - ok
12:08:16.0810 4804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:08:16.0830 4804 Compbatt - ok
12:08:16.0880 4804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
12:08:16.0950 4804 CompositeBus - ok
12:08:16.0980 4804 COMSysApp - ok
12:08:17.0000 4804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
12:08:17.0020 4804 crcdisk - ok
12:08:17.0070 4804 [ 0D7F96AF026D7C1AFDE2A83980A65018 ] CryptOSD        C:\Windows\system32\DRIVERS\CryptOSD.sys
12:08:17.0130 4804 CryptOSD - ok
12:08:17.0170 4804 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:08:17.0250 4804 CryptSvc - ok
12:08:17.0290 4804 [ ED5CF92396A62F4C15110DCDB5E854D9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
12:08:17.0340 4804 CtClsFlt - ok
12:08:17.0410 4804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:08:17.0560 4804 DcomLaunch - ok
12:08:17.0650 4804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
12:08:17.0710 4804 defragsvc - ok
12:08:17.0800 4804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:08:17.0890 4804 DfsC - ok
12:08:17.0940 4804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
12:08:18.0020 4804 Dhcp - ok
12:08:18.0050 4804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
12:08:18.0120 4804 discache - ok
12:08:18.0190 4804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
12:08:18.0210 4804 Disk - ok
12:08:18.0240 4804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:08:18.0320 4804 Dnscache - ok
12:08:18.0400 4804 [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
12:08:18.0460 4804 DockLoginService ( UnsignedFile.Multi.Generic ) - warning
12:08:18.0460 4804 DockLoginService - detected UnsignedFile.Multi.Generic (1)
12:08:18.0520 4804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:08:18.0590 4804 dot3svc - ok
12:08:18.0630 4804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
12:08:18.0710 4804 DPS - ok
12:08:18.0770 4804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:08:18.0810 4804 drmkaud - ok
12:08:18.0870 4804 [ 88612F1CE3BF42256913BF6E61C70D52 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:08:18.0910 4804 DXGKrnl - ok
12:08:18.0940 4804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
12:08:19.0020 4804 EapHost - ok
12:08:19.0110 4804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
12:08:19.0210 4804 ebdrv - ok
12:08:19.0250 4804 [ 4D71227301DD8D09097B9E4CC6527E5A ] EFS             C:\Windows\System32\lsass.exe
12:08:19.0330 4804 EFS - ok
12:08:19.0400 4804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:08:19.0450 4804 ehRecvr - ok
12:08:19.0480 4804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
12:08:19.0530 4804 ehSched - ok
12:08:19.0580 4804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
12:08:19.0610 4804 elxstor - ok
12:08:19.0640 4804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:08:19.0690 4804 ErrDev - ok
12:08:19.0730 4804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
12:08:19.0770 4804 EventSystem - ok
12:08:19.0800 4804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
12:08:19.0890 4804 exfat - ok
12:08:19.0920 4804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:08:20.0010 4804 fastfat - ok
12:08:20.0070 4804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
12:08:20.0140 4804 Fax - ok
12:08:20.0180 4804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:08:20.0220 4804 fdc - ok
12:08:20.0240 4804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:08:20.0340 4804 fdPHost - ok
12:08:20.0370 4804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:08:20.0430 4804 FDResPub - ok
12:08:20.0460 4804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:08:20.0470 4804 FileInfo - ok
12:08:20.0490 4804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:08:20.0580 4804 Filetrace - ok
12:08:20.0590 4804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:08:20.0630 4804 flpydisk - ok
12:08:20.0660 4804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:08:20.0680 4804 FltMgr - ok
12:08:20.0750 4804 [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
12:08:20.0840 4804 FontCache - ok
12:08:20.0890 4804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:08:20.0920 4804 FontCache3.0.0.0 - ok
12:08:20.0940 4804 [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:08:20.0960 4804 FsDepends - ok
12:08:20.0990 4804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:08:21.0020 4804 Fs_Rec - ok
12:08:21.0070 4804 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:08:21.0100 4804 fvevol - ok
12:08:21.0120 4804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
12:08:21.0130 4804 gagp30kx - ok
12:08:21.0210 4804 [ D3316F6E3C011435F36E3D6E49B3196C ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
12:08:21.0230 4804 GoToAssist - ok
12:08:21.0280 4804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
12:08:21.0380 4804 gpsvc - ok
12:08:21.0500 4804 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:08:21.0530 4804 gupdate - ok
12:08:21.0560 4804 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:08:21.0590 4804 gupdatem - ok
12:08:21.0650 4804 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:08:21.0670 4804 gusvc - ok
12:08:21.0700 4804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:08:21.0730 4804 hcw85cir - ok
12:08:21.0760 4804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
12:08:21.0810 4804 HDAudBus - ok
12:08:21.0820 4804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
12:08:21.0850 4804 HidBatt - ok
12:08:21.0870 4804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
12:08:21.0890 4804 HidBth - ok
12:08:21.0910 4804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
12:08:21.0940 4804 HidIr - ok
12:08:21.0980 4804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\System32\hidserv.dll
12:08:22.0060 4804 hidserv - ok
12:08:22.0110 4804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
12:08:22.0170 4804 HidUsb - ok
12:08:22.0190 4804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:08:22.0290 4804 hkmsvc - ok
12:08:22.0390 4804 [ 583431A6989FD8B901D1883C0299C471 ] hnmsvc          c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
12:08:22.0420 4804 hnmsvc - ok
12:08:22.0470 4804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:08:22.0520 4804 HomeGroupListener - ok
12:08:22.0560 4804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:08:22.0610 4804 HomeGroupProvider - ok
12:08:22.0650 4804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:08:22.0680 4804 HpSAMD - ok
12:08:22.0730 4804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:08:22.0790 4804 HTTP - ok
12:08:22.0830 4804 [ 8F9B0FC4EC3A8194BD4CBC5ED3E7ABEB ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
12:08:22.0870 4804 hwdatacard - ok
12:08:22.0910 4804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:08:22.0930 4804 hwpolicy - ok
12:08:22.0990 4804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:08:23.0020 4804 i8042prt - ok
12:08:23.0100 4804 [ 7548066DF68A8A1A56B043359F915F37 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:08:23.0130 4804 IAANTMON - ok
12:08:23.0170 4804 [ 4F6FB2CDBDEEFC47E7D2066E78254580 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:08:23.0190 4804 iaStor - ok
12:08:23.0230 4804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:08:23.0250 4804 iaStorV - ok
12:08:23.0310 4804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:08:23.0350 4804 idsvc - ok
12:08:23.0380 4804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
12:08:23.0410 4804 iirsp - ok
12:08:23.0480 4804 [ 344789398EC3EE5A4E00C52B31847946 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:08:23.0550 4804 IKEEXT - ok
12:08:23.0590 4804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
12:08:23.0620 4804 intelide - ok
12:08:23.0650 4804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:08:23.0700 4804 intelppm - ok
12:08:23.0740 4804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:08:23.0820 4804 IPBusEnum - ok
12:08:23.0880 4804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:08:23.0950 4804 IpFilterDriver - ok
12:08:23.0990 4804 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:08:24.0040 4804 iphlpsvc - ok
12:08:24.0080 4804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:08:24.0130 4804 IPMIDRV - ok
12:08:24.0150 4804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:08:24.0230 4804 IPNAT - ok
12:08:24.0270 4804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:08:24.0310 4804 IRENUM - ok
12:08:24.0330 4804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:08:24.0350 4804 isapnp - ok
12:08:24.0370 4804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:08:24.0410 4804 iScsiPrt - ok
12:08:24.0430 4804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:08:24.0440 4804 kbdclass - ok
12:08:24.0480 4804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:08:24.0530 4804 kbdhid - ok
12:08:24.0570 4804 [ 4D71227301DD8D09097B9E4CC6527E5A ] KeyIso          C:\Windows\system32\lsass.exe
12:08:24.0600 4804 KeyIso - ok
12:08:24.0640 4804 [ 8F489706472F7E9A06BAAA198703FA64 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:08:24.0670 4804 KSecDD - ok
12:08:24.0700 4804 [ 868A2CAAB12EFC7A021682BCA0EEC54C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:08:24.0730 4804 KSecPkg - ok
12:08:24.0750 4804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:08:24.0790 4804 ksthunk - ok
12:08:24.0830 4804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:08:24.0920 4804 KtmRm - ok
12:08:25.0000 4804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:08:25.0080 4804 LanmanServer - ok
12:08:25.0110 4804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:08:25.0190 4804 LanmanWorkstation - ok
12:08:25.0240 4804 [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:08:25.0320 4804 lltdio - ok
12:08:25.0360 4804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:08:25.0450 4804 lltdsvc - ok
12:08:25.0470 4804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:08:25.0510 4804 lmhosts - ok
12:08:25.0540 4804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
12:08:25.0560 4804 LSI_FC - ok
12:08:25.0590 4804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
12:08:25.0610 4804 LSI_SAS - ok
12:08:25.0640 4804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:08:25.0650 4804 LSI_SAS2 - ok
12:08:25.0670 4804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:08:25.0690 4804 LSI_SCSI - ok
12:08:25.0730 4804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
12:08:25.0800 4804 luafv - ok
12:08:25.0840 4804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:08:25.0870 4804 Mcx2Svc - ok
12:08:25.0890 4804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
12:08:25.0910 4804 megasas - ok
12:08:25.0940 4804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
12:08:25.0970 4804 MegaSR - ok
12:08:25.0990 4804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
12:08:26.0040 4804 MMCSS - ok
12:08:26.0060 4804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
12:08:26.0110 4804 Modem - ok
12:08:26.0150 4804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:08:26.0180 4804 monitor - ok
12:08:26.0220 4804 [ 95314C3A08589471983C2C8173F23CDA ] MonitorFunction C:\Windows\system32\DRIVERS\TVMonitor.sys
12:08:26.0250 4804 MonitorFunction - ok
12:08:26.0320 4804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:08:26.0340 4804 mouclass - ok
12:08:26.0370 4804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:08:26.0420 4804 mouhid - ok
12:08:26.0480 4804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:08:26.0510 4804 mountmgr - ok
12:08:26.0530 4804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:08:26.0540 4804 mpio - ok
12:08:26.0570 4804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:08:26.0640 4804 mpsdrv - ok
12:08:26.0690 4804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:08:26.0780 4804 MpsSvc - ok
12:08:26.0830 4804 [ 1A4F75E63C9FB84B85DFFC6B63FD5404 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:08:26.0860 4804 MRxDAV - ok
12:08:26.0900 4804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:08:26.0930 4804 mrxsmb - ok
12:08:26.0970 4804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:08:27.0020 4804 mrxsmb10 - ok
12:08:27.0050 4804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:08:27.0110 4804 mrxsmb20 - ok
12:08:27.0150 4804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:08:27.0180 4804 msahci - ok
12:08:27.0220 4804 [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:08:27.0230 4804 msdsm - ok
12:08:27.0250 4804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
12:08:27.0300 4804 MSDTC - ok
12:08:27.0340 4804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:08:27.0410 4804 Msfs - ok
12:08:27.0430 4804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:08:27.0510 4804 mshidkmdf - ok
12:08:27.0540 4804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:08:27.0560 4804 msisadrv - ok
12:08:27.0600 4804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:08:27.0670 4804 MSiSCSI - ok
12:08:27.0680 4804 msiserver - ok
12:08:27.0700 4804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:08:27.0760 4804 MSKSSRV - ok
12:08:27.0780 4804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:08:27.0830 4804 MSPCLOCK - ok
12:08:27.0860 4804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:08:27.0910 4804 MSPQM - ok
12:08:27.0960 4804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:08:28.0000 4804 MsRPC - ok
12:08:28.0030 4804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
12:08:28.0050 4804 mssmbios - ok
12:08:28.0070 4804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:08:28.0140 4804 MSTEE - ok
12:08:28.0160 4804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
12:08:28.0180 4804 MTConfig - ok
12:08:28.0200 4804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
12:08:28.0220 4804 Mup - ok
12:08:28.0260 4804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
12:08:28.0310 4804 napagent - ok
12:08:28.0360 4804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:08:28.0410 4804 NativeWifiP - ok
12:08:28.0460 4804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:08:28.0510 4804 NDIS - ok
12:08:28.0540 4804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
12:08:28.0600 4804 NdisCap - ok
12:08:28.0640 4804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:08:28.0720 4804 NdisTapi - ok
12:08:28.0750 4804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:08:28.0850 4804 Ndisuio - ok
12:08:28.0890 4804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:08:28.0970 4804 NdisWan - ok
12:08:29.0000 4804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:08:29.0070 4804 NDProxy - ok
12:08:29.0100 4804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:08:29.0170 4804 NetBIOS - ok
12:08:29.0190 4804 [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
12:08:29.0260 4804 NetBT - ok
12:08:29.0280 4804 [ 4D71227301DD8D09097B9E4CC6527E5A ] Netlogon        C:\Windows\system32\lsass.exe
12:08:29.0300 4804 Netlogon - ok
12:08:29.0350 4804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
12:08:29.0430 4804 Netman - ok
12:08:29.0460 4804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
12:08:29.0540 4804 netprofm - ok
12:08:29.0580 4804 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:08:29.0590 4804 NetTcpPortSharing - ok
12:08:29.0620 4804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
12:08:29.0660 4804 nfrd960 - ok
12:08:29.0690 4804 [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:08:29.0740 4804 NlaSvc - ok
12:08:29.0770 4804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:08:29.0810 4804 Npfs - ok
12:08:29.0840 4804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
12:08:29.0920 4804 nsi - ok
12:08:29.0930 4804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:08:29.0980 4804 nsiproxy - ok
12:08:30.0060 4804 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:08:30.0110 4804 Ntfs - ok
12:08:30.0130 4804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
12:08:30.0180 4804 Null - ok
12:08:30.0220 4804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:08:30.0240 4804 nvraid - ok
12:08:30.0270 4804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:08:30.0290 4804 nvstor - ok
12:08:30.0330 4804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:08:30.0350 4804 nv_agp - ok
12:08:30.0450 4804 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
12:08:30.0480 4804 odserv - ok
12:08:30.0500 4804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
12:08:30.0550 4804 ohci1394 - ok
12:08:30.0600 4804 [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:08:30.0620 4804 ose - ok
12:08:30.0660 4804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
12:08:30.0710 4804 p2pimsvc - ok
12:08:30.0740 4804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:08:30.0780 4804 p2psvc - ok
12:08:30.0820 4804 [ 99E6AA0AE2D05389BA7F7DFF6866B569 ] Packet          C:\Windows\system32\DRIVERS\packet.sys
12:08:30.0840 4804 Packet - ok
12:08:30.0880 4804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
12:08:30.0920 4804 Parport - ok
12:08:30.0950 4804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:08:30.0980 4804 partmgr - ok
12:08:30.0990 4804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:08:31.0050 4804 PcaSvc - ok
12:08:31.0080 4804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
12:08:31.0100 4804 pci - ok
12:08:31.0140 4804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
12:08:31.0160 4804 pciide - ok
12:08:31.0180 4804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
12:08:31.0200 4804 pcmcia - ok
12:08:31.0220 4804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
12:08:31.0230 4804 pcw - ok
12:08:31.0270 4804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:08:31.0340 4804 PEAUTH - ok
12:08:31.0430 4804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
12:08:31.0490 4804 PerfHost - ok
12:08:31.0560 4804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
12:08:31.0670 4804 pla - ok
12:08:31.0730 4804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:08:31.0800 4804 PlugPlay - ok
12:08:31.0810 4804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
12:08:31.0860 4804 PNRPAutoReg - ok
12:08:31.0890 4804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
12:08:31.0930 4804 PNRPsvc - ok
12:08:31.0970 4804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:08:32.0060 4804 PolicyAgent - ok
12:08:32.0110 4804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
12:08:32.0190 4804 Power - ok
12:08:32.0220 4804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:08:32.0300 4804 PptpMiniport - ok
12:08:32.0330 4804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
12:08:32.0390 4804 Processor - ok
12:08:32.0430 4804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:08:32.0500 4804 ProfSvc - ok
12:08:32.0510 4804 [ 4D71227301DD8D09097B9E4CC6527E5A ] ProtectedStorage C:\Windows\system32\lsass.exe
12:08:32.0530 4804 ProtectedStorage - ok
12:08:32.0580 4804 [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
12:08:32.0660 4804 Psched - ok
12:08:32.0700 4804 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
12:08:32.0720 4804 PxHlpa64 - ok
12:08:32.0770 4804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
12:08:32.0840 4804 ql2300 - ok
12:08:32.0880 4804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
12:08:32.0900 4804 ql40xx - ok
12:08:32.0940 4804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
12:08:32.0970 4804 QWAVE - ok
12:08:32.0980 4804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:08:33.0030 4804 QWAVEdrv - ok
12:08:33.0040 4804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:08:33.0120 4804 RasAcd - ok
12:08:33.0160 4804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
12:08:33.0230 4804 RasAgileVpn - ok
12:08:33.0260 4804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
12:08:33.0310 4804 RasAuto - ok
12:08:33.0340 4804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:08:33.0390 4804 Rasl2tp - ok
12:08:33.0440 4804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
12:08:33.0520 4804 RasMan - ok
12:08:33.0550 4804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:08:33.0630 4804 RasPppoe - ok
12:08:33.0660 4804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:08:33.0740 4804 RasSstp - ok
12:08:33.0780 4804 [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:08:33.0840 4804 rdbss - ok
12:08:33.0870 4804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
12:08:33.0920 4804 rdpbus - ok
12:08:33.0930 4804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:08:34.0010 4804 RDPCDD - ok
12:08:34.0050 4804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:08:34.0120 4804 RDPENCDD - ok
12:08:34.0140 4804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
12:08:34.0200 4804 RDPREFMP - ok
12:08:34.0280 4804 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
12:08:34.0330 4804 RdpVideoMiniport - ok
12:08:34.0370 4804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:08:34.0430 4804 RDPWD - ok
12:08:34.0490 4804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
12:08:34.0520 4804 rdyboost - ok
12:08:34.0550 4804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:08:34.0630 4804 RemoteAccess - ok
12:08:34.0680 4804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:08:34.0770 4804 RemoteRegistry - ok
12:08:34.0800 4804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
12:08:34.0870 4804 RpcEptMapper - ok
12:08:34.0890 4804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
12:08:34.0910 4804 RpcLocator - ok
12:08:34.0960 4804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\System32\rpcss.dll
12:08:35.0020 4804 RpcSs - ok
12:08:35.0070 4804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:08:35.0140 4804 rspndr - ok
12:08:35.0200 4804 [ 4A25DC970C58104602ED274DACAFD784 ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
12:08:35.0240 4804 RSUSBSTOR - ok
12:08:35.0260 4804 [ 4D71227301DD8D09097B9E4CC6527E5A ] SamSs           C:\Windows\system32\lsass.exe
12:08:35.0280 4804 SamSs - ok
12:08:35.0310 4804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:08:35.0330 4804 sbp2port - ok
12:08:35.0372 4804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:08:35.0472 4804 SCardSvr - ok
12:08:35.0502 4804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
12:08:35.0582 4804 scfilter - ok
12:08:35.0642 4804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
12:08:35.0742 4804 Schedule - ok
12:08:35.0772 4804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:08:35.0812 4804 SCPolicySvc - ok
12:08:35.0852 4804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:08:35.0882 4804 SDRSVC - ok
12:08:35.0912 4804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:08:35.0952 4804 secdrv - ok
12:08:35.0992 4804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
12:08:36.0042 4804 seclogon - ok
12:08:36.0072 4804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
12:08:36.0152 4804 SENS - ok
12:08:36.0172 4804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
12:08:36.0192 4804 SensrSvc - ok
12:08:36.0222 4804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
12:08:36.0252 4804 Serenum - ok
12:08:36.0292 4804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
12:08:36.0322 4804 Serial - ok
12:08:36.0342 4804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
12:08:36.0382 4804 sermouse - ok
12:08:36.0440 4804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:08:36.0514 4804 SessionEnv - ok
12:08:36.0544 4804 [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
12:08:36.0594 4804 sffdisk - ok
12:08:36.0624 4804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:08:36.0674 4804 sffp_mmc - ok
12:08:36.0694 4804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
12:08:36.0744 4804 sffp_sd - ok
12:08:36.0774 4804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
12:08:36.0804 4804 sfloppy - ok
12:08:36.0904 4804 [ 7F475425582163602EF1589C0071E521 ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
12:08:36.0934 4804 SftService - ok
12:08:36.0974 4804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:08:37.0074 4804 SharedAccess - ok
12:08:37.0114 4804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:08:37.0174 4804 ShellHWDetection - ok
12:08:37.0204 4804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:08:37.0224 4804 SiSRaid2 - ok
12:08:37.0254 4804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
12:08:37.0284 4804 SiSRaid4 - ok
12:08:37.0474 4804 [ 9F712B26EE3B0242DE997A42FD302E2C ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
12:08:37.0564 4804 Skype C2C Service - ok
12:08:37.0674 4804 [ F5BBEDF602C310B00036EB2DBF4348A5 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
12:08:37.0704 4804 SkypeUpdate - ok
12:08:37.0734 4804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:08:37.0814 4804 Smb - ok
12:08:37.0864 4804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:08:37.0924 4804 SNMPTRAP - ok
12:08:37.0964 4804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
12:08:37.0984 4804 spldr - ok
12:08:38.0044 4804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
12:08:38.0114 4804 Spooler - ok
12:08:38.0224 4804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
12:08:38.0344 4804 sppsvc - ok
12:08:38.0384 4804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
12:08:38.0464 4804 sppuinotify - ok
12:08:38.0524 4804 [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
12:08:38.0544 4804 sprtsvc_DellSupportCenter - ok
12:08:38.0584 4804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:08:38.0654 4804 srv - ok
12:08:38.0704 4804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:08:38.0744 4804 srv2 - ok
12:08:38.0764 4804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:08:38.0794 4804 srvnet - ok
12:08:38.0844 4804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:08:38.0934 4804 SSDPSRV - ok
12:08:38.0954 4804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:08:38.0994 4804 SstpSvc - ok
12:08:39.0124 4804 [ 444109453A2B87E6C16BCDA5953E81A9 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
12:08:39.0184 4804 STacSV - ok
12:08:39.0214 4804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
12:08:39.0234 4804 stexstor - ok
12:08:39.0274 4804 [ 02E784FA49032F84964DB90A3ED81890 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
12:08:39.0314 4804 STHDA - ok
12:08:39.0344 4804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
12:08:39.0394 4804 stisvc - ok
12:08:39.0414 4804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
12:08:39.0434 4804 swenum - ok
12:08:39.0474 4804 [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
12:08:39.0564 4804 swprv - ok
12:08:39.0614 4804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
12:08:39.0684 4804 SysMain - ok
12:08:39.0744 4804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:08:39.0794 4804 TabletInputService - ok
12:08:39.0844 4804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:08:39.0894 4804 TapiSrv - ok
12:08:39.0934 4804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
12:08:40.0024 4804 TBS - ok
12:08:40.0104 4804 [ 40AF23633D197905F03AB5628C558C51 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:08:40.0174 4804 Tcpip - ok
12:08:40.0214 4804 [ 40AF23633D197905F03AB5628C558C51 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
12:08:40.0264 4804 TCPIP6 - ok
12:08:40.0304 4804 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:08:40.0344 4804 tcpipreg - ok
12:08:40.0384 4804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:08:40.0434 4804 TDPIPE - ok
12:08:40.0464 4804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:08:40.0514 4804 TDTCP - ok
12:08:40.0544 4804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:08:40.0594 4804 tdx - ok
12:08:40.0634 4804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
12:08:40.0654 4804 TermDD - ok
12:08:40.0714 4804 [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
12:08:40.0804 4804 TermService - ok
12:08:40.0834 4804 [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
12:08:40.0874 4804 Themes - ok
12:08:40.0904 4804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
12:08:40.0944 4804 THREADORDER - ok
12:08:40.0964 4804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
12:08:41.0024 4804 TrkWks - ok
12:08:41.0104 4804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:08:41.0194 4804 TrustedInstaller - ok
12:08:41.0224 4804 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:08:41.0264 4804 tssecsrv - ok
12:08:41.0324 4804 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
12:08:41.0364 4804 TsUsbFlt - ok
12:08:41.0404 4804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:08:41.0474 4804 tunnel - ok
12:08:41.0504 4804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
12:08:41.0524 4804 uagp35 - ok
12:08:41.0574 4804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:08:41.0624 4804 udfs - ok
12:08:41.0664 4804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:08:41.0714 4804 UI0Detect - ok
12:08:41.0754 4804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:08:41.0774 4804 uliagpkx - ok
12:08:41.0814 4804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
12:08:41.0854 4804 umbus - ok
12:08:41.0914 4804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
12:08:41.0934 4804 UmPass - ok
12:08:41.0954 4804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
12:08:42.0044 4804 upnphost - ok
12:08:42.0084 4804 [ DCA68B0943D6FA415F0C56C92158A83A ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:08:42.0144 4804 usbccgp - ok
12:08:42.0184 4804 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:08:42.0244 4804 usbcir - ok
12:08:42.0274 4804 [ 18A85013A3E0F7E1755365D287443965 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:08:42.0284 4804 usbehci - ok
12:08:42.0344 4804 [ 8D1196CFBB223621F2C67D45710F25BA ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:08:42.0374 4804 usbhub - ok
12:08:42.0394 4804 [ 765A92D428A8DB88B960DA5A8D6089DC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:08:42.0424 4804 usbohci - ok
12:08:42.0474 4804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:08:42.0524 4804 usbprint - ok
12:08:42.0574 4804 [ 9661DA76B4531B2DA272ECCE25A8AF24 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
12:08:42.0624 4804 usbscan - ok
12:08:42.0664 4804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:08:42.0694 4804 USBSTOR - ok
12:08:42.0764 4804 [ DD253AFC3BC6CBA412342DE60C3647F3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:08:42.0804 4804 usbuhci - ok
12:08:42.0864 4804 [ 1F775DA4CF1A3A1834207E975A72E9D7 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
12:08:42.0934 4804 usbvideo - ok
12:08:42.0954 4804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
12:08:43.0034 4804 UxSms - ok
12:08:43.0044 4804 [ 4D71227301DD8D09097B9E4CC6527E5A ] VaultSvc        C:\Windows\system32\lsass.exe
12:08:43.0064 4804 VaultSvc - ok
12:08:43.0094 4804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:08:43.0104 4804 vdrvroot - ok
12:08:43.0154 4804 [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
12:08:43.0214 4804 vds - ok
12:08:43.0244 4804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:08:43.0284 4804 vga - ok
12:08:43.0314 4804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:08:43.0354 4804 VgaSave - ok
12:08:43.0384 4804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:08:43.0404 4804 vhdmp - ok
12:08:43.0434 4804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:08:43.0444 4804 viaide - ok
12:08:43.0464 4804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:08:43.0484 4804 volmgr - ok
12:08:43.0534 4804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:08:43.0564 4804 volmgrx - ok
12:08:43.0574 4804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:08:43.0594 4804 volsnap - ok
12:08:43.0634 4804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
12:08:43.0664 4804 vsmraid - ok
12:08:43.0724 4804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
12:08:43.0814 4804 VSS - ok
12:08:43.0844 4804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:08:43.0884 4804 vwifibus - ok
12:08:43.0914 4804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:08:43.0934 4804 vwififlt - ok
12:08:43.0974 4804 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:08:44.0004 4804 vwifimp - ok
12:08:44.0054 4804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
12:08:44.0114 4804 W32Time - ok
12:08:44.0134 4804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
12:08:44.0184 4804 WacomPen - ok
12:08:44.0254 4804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:08:44.0314 4804 WANARP - ok
12:08:44.0324 4804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:08:44.0364 4804 Wanarpv6 - ok
12:08:44.0444 4804 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:08:44.0494 4804 WatAdminSvc - ok
12:08:44.0564 4804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
12:08:44.0894 4804 wbengine - ok
12:08:44.0934 4804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:08:44.0994 4804 WbioSrvc - ok
12:08:45.0044 4804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:08:45.0094 4804 wcncsvc - ok
12:08:45.0114 4804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:08:45.0164 4804 WcsPlugInService - ok
12:08:45.0224 4804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
12:08:45.0254 4804 Wd - ok
12:08:45.0304 4804 [ E2C933EDBC389386EBE6D2BA953F43D8 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:08:45.0344 4804 Wdf01000 - ok
12:08:45.0354 4804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:08:45.0464 4804 WdiServiceHost - ok
12:08:45.0474 4804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:08:45.0494 4804 WdiSystemHost - ok
12:08:45.0544 4804 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D ] WebClient       C:\Windows\System32\webclnt.dll
12:08:45.0594 4804 WebClient - ok
12:08:45.0634 4804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:08:45.0684 4804 Wecsvc - ok
12:08:45.0704 4804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:08:45.0784 4804 wercplsupport - ok
12:08:45.0814 4804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:08:45.0864 4804 WerSvc - ok
12:08:45.0894 4804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:08:45.0934 4804 WfpLwf - ok
12:08:45.0974 4804 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
12:08:45.0994 4804 WimFltr - ok
12:08:46.0014 4804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:08:46.0034 4804 WIMMount - ok
12:08:46.0094 4804 WinDefend - ok
12:08:46.0124 4804 WinHttpAutoProxySvc - ok
12:08:46.0194 4804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:08:46.0414 4804 Winmgmt - ok
12:08:46.0514 4804 [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
12:08:46.0604 4804 WinRM - ok
12:08:46.0684 4804 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
12:08:46.0714 4804 WinUsb - ok
12:08:46.0764 4804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:08:46.0834 4804 Wlansvc - ok
12:08:46.0974 4804 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:08:47.0044 4804 wlidsvc - ok
12:08:47.0074 4804 [ 13B0A570E1AE451C92DA550085D72CF3 ] wltrysvc        C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
12:08:47.0104 4804 wltrysvc ( UnsignedFile.Multi.Generic ) - warning
12:08:47.0104 4804 wltrysvc - detected UnsignedFile.Multi.Generic (1)
12:08:47.0154 4804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
12:08:47.0194 4804 WmiAcpi - ok
12:08:47.0244 4804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:08:47.0294 4804 wmiApSrv - ok
12:08:47.0334 4804 WMPNetworkSvc - ok
12:08:47.0394 4804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:08:47.0424 4804 WPCSvc - ok
12:08:47.0464 4804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:08:47.0484 4804 WPDBusEnum - ok
12:08:47.0514 4804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:08:47.0554 4804 ws2ifsl - ok
12:08:47.0594 4804 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\system32\wscsvc.dll
12:08:47.0614 4804 wscsvc - ok
12:08:47.0624 4804 WSearch - ok
12:08:47.0714 4804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:08:47.0784 4804 wuauserv - ok
12:08:47.0824 4804 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:08:47.0874 4804 WudfPf - ok
12:08:47.0894 4804 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:08:47.0934 4804 WUDFRd - ok
12:08:47.0944 4804 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:08:47.0994 4804 wudfsvc - ok
12:08:48.0024 4804 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:08:48.0054 4804 WwanSvc - ok
12:08:48.0104 4804 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
12:08:48.0154 4804 yukonw7 - ok
12:08:48.0194 4804 ================ Scan global ===============================
12:08:48.0224 4804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:08:48.0274 4804 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:08:48.0284 4804 [ 88EDD0B34EED542745931E581AD21A32 ] C:\Windows\system32\winsrv.dll
12:08:48.0314 4804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:08:48.0354 4804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:08:48.0364 4804 [Global] - ok
12:08:48.0364 4804 ================ Scan MBR ==================================
12:08:48.0384 4804 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
12:08:48.0754 4804 \Device\Harddisk0\DR0 - ok
12:08:48.0754 4804 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
12:08:48.0874 4804 \Device\Harddisk2\DR2 - ok
12:08:48.0874 4804 ================ Scan VBR ==================================
12:08:48.0904 4804 [ CE1660B4A78827026EAB557BE1BFE095 ] \Device\Harddisk0\DR0\Partition1
12:08:48.0904 4804 \Device\Harddisk0\DR0\Partition1 - ok
12:08:48.0924 4804 [ AB9B8CB3F69A4BE35751DE4EB1FD0CBD ] \Device\Harddisk0\DR0\Partition2
12:08:48.0924 4804 \Device\Harddisk0\DR0\Partition2 - ok
12:08:48.0934 4804 [ A7FBC5B401414E9DF540D73A878D8B66 ] \Device\Harddisk2\DR2\Partition1
12:08:48.0934 4804 \Device\Harddisk2\DR2\Partition1 - ok
12:08:48.0934 4804 ============================================================
12:08:48.0934 4804 Scan finished
12:08:48.0934 4804 ============================================================
12:08:48.0964 5556 Detected object count: 2
12:08:48.0964 5556 Actual detected object count: 2
12:12:18.0629 5556 DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:18.0629 5556 DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:12:18.0639 5556 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user
12:12:18.0639 5556 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:16:47.0763 2472 Deinitialize success

Edited by kangaroo, 26 January 2014 - 07:56 PM.

Advertisements

Register to Remove

#17 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 26 January 2014 - 09:15 PM

Nothing "scary" there. The scan was just saying that those two programs are potentially "risky" because the files are unsigned. It is not unusual for 3rd party programs not to go to the expense of getting signed certificates. This becomes more of an issue with windows 8 - which will decline to run them without modification.

The important thing is not rootkits found.

Let's take a different scan for "big" nasties.

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it. If asked to download Avast's database please do so.

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#18 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 26 January 2014 - 11:20 PM

MBR.zip 572bytes 207 downloads

Hi Tomk,

I've done that with one hiccup: There didn't seem to be any progress in the scan for some time so I clicked to save the log file. No sooner had I done that than the scan progressed to another file. So I went and left it until I saw the completed message. I then created the log file again and that follows. I've also attached the mbr.zip as requested.

I hope my interference in the scanning has not corrupted the results.

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-01-27 15:28:57
-----------------------------
15:28:57.693    OS Version: Windows x64 6.1.7601 Service Pack 1
15:28:57.693    Number of processors: 2 586 0x170A
15:28:57.693    ComputerName: HEATHER-PC UserName: Heather
15:28:58.835    Initialize success
15:29:01.695    AVAST engine defs: 14011701
15:29:26.485    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:29:26.495    Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
15:29:26.655    Disk 0 MBR read successfully
15:29:26.665    Disk 0 MBR scan
15:29:26.675    Disk 0 Windows VISTA default MBR code
15:29:26.675    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
15:29:26.685    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        15000 MB offset 81920
15:29:26.695    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       461899 MB offset 30801920
15:29:26.725    Disk 0 scanning C:\Windows\system32\drivers
15:29:38.349    Service scanning
15:30:00.824    Modules scanning
15:30:00.834    Disk 0 trace - called modules:
15:30:00.874    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:30:00.884    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004568060]
15:30:00.904    3 CLASSPNP.SYS[fffff880015ca43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80040f9050]
15:30:01.954    AVAST engine scan C:\Windows
15:30:05.486    AVAST engine scan C:\Windows\system32
15:32:57.610    AVAST engine scan C:\Windows\system32\drivers
15:33:13.778    AVAST engine scan C:\Users\Heather
15:36:14.608    Disk 0 MBR has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\MBR.dat"
15:36:14.623    The log file has been saved successfully to "C:\Users\Heather\Desktop\Clean-Up\aswMBR_Log.txt"

Edited by kangaroo, 26 January 2014 - 11:20 PM.

#19 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 26 January 2014 - 11:59 PM

I'm not certain what happened there... but the log looks right. And clean.

I'd like you to run Combofix one more time - just by double clicking like you did originally (no script) and post the log.

Then please tell me how things seem to be running.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#20 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 27 January 2014 - 01:12 AM

Hi Tomk,

I've run ComboFix and the log is at the end of this post.

I'm really stumped by the erratic behaviour of Outlook.com and don't know what could be causing it. Here is what I just tried.

When I open IE10, it opens the Outlook.com Inbox BUT:

1. It displays the folder list and the message list but never displays the top, highlighted message in the reading pane (which remains blank) just showing the waiting donut beside the mouse pointer. And I cannot open any other folder; there are just a set of white dots progressing across the top of the blue menu bar of Outlook.com (Outlook | New | Reply | etc.).

2. If I click on the stub to open a new tab, the second tab opens and displays the home page (the Outlook.com Inbox NOT a blank page as I expect); strangely, this tab displays the top, highlighted message in the reading pane and I can open other folders and display the top, highlighted messages in them in the reading pane. HOWEVER, I can click on another message in a folder and that displays in the reading pane BUT the progressing white dots across the top of the blue menu bar appear and I can do nothing else.

Once the Outlook.com tab is "locked" I can still type an URL into the address bar and browse other sites.

Once I went to another site, I used the back button to go back to Outlook.com; again strange! I had the folder list, the reading pane and the contact panel BUT no message list! I then went into settings, couldn't see any way to set the layout. So I clicked on Inbox and went back to the Inbox with the original layout: folder list, message list and reading pane.

One of the messages I had displayed in the reading pane had a link to an outside site. Originally, I couldn't get these links to open but just now, the link opened in a new window, as it should.

I don't know if all this strange and erratic behaviour in Outlook.com is down to IE10 or Outlook.com or some weird infection. Whatever, Outlook.com is essentially useless on this PC.

Here is the ComboFix log:

ComboFix 14-01-23.02 - Heather 27/01/2014 17:21:58.5.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2285 [GMT 11:00]
Running from: c:\users\Heather\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\user32.dll
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-27 to 2014-01-27 )))))))))))))))))))))))))))))))
.
.
2014-01-27 06:28 . 2014-01-27 06:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-27 06:28 . 2014-01-27 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-26 10:58 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys
2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2
2014-01-25 03:48 . 2014-01-27 06:29 -------- d-----w- c:\windows\system32\wbem\repository
2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision
2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys
2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-26 04:03 . 2014-01-25 02:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\offreg.dll
2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr
2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-04 03:28 . 2014-01-24 09:51 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\mpengine.dll
2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-10-30 02:32 . 2013-12-11 19:35 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 19:35 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]
.
c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
.
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]
.
2014-01-17 c:\windows\Tasks\SpeedMaxPc Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job
- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://col125.mail....64855&rru=inbox
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{19347375-B14A-4420-84B0-48E9ED1CA495}: NameServer = 123.200.191.17 123.200.191.18
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2014-01-27 17:36:13 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-27 06:36
ComboFix2.txt 2014-01-26 11:12
ComboFix3.txt 2014-01-25 07:44
ComboFix4.txt 2014-01-24 03:53
.
Pre-Run: 424,488,472,576 bytes free
Post-Run: 424,294,551,552 bytes free
.
- - End Of File - - BEA021D3997ADB69281B4179ECEA7D49

#21 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 27 January 2014 - 01:37 AM

I don't know what is causing the erratic behavior with outlook.com, but (at least in my head) I think the Tech Team might have ideas... but that must be after we know you're malware free.

Infected copy of c:\windows\SysWow64\user32.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache86\user32.dll

This still appears in your CF log (again) which indicates that the replacement file is not clean.

Let's see if we can find another one.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
```
:filefind

user32.dll
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#22 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 27 January 2014 - 05:19 AM

Hi Tomk,

Done. Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 21:59 on 27/01/2014 by Heather
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "user32.dll"
C:\Windows\ERDNT\cache64\user32.dll --a---- 1008128 bytes [02:48 22/07/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\ERDNT\cache86\user32.dll --a---- 833024 bytes [02:48 22/07/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\System32\user32.dll --a---- 833024 bytes [04:27 08/03/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\SysWOW64\user32.dll --a---- 833024 bytes [04:27 08/03/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --a---- 1008640 bytes [23:38 13/07/2009] [01:41 14/07/2009] 72D7B3EA16946E8F0CF7458150031CC6
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --a---- 1008128 bytes [04:27 08/03/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --a---- 833024 bytes [23:24 13/07/2009] [01:11 14/07/2009] E8B0FFC209E504CB7E79FC24E6C085F0
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --a---- 833024 bytes [04:27 08/03/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

-= EOF =-

#23 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 27 January 2014 - 09:09 AM

COMBOFIX-Script

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


FCopy::

C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll | c:\windows\SysWow64\user32.dll

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#24 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 27 January 2014 - 11:02 PM

^{Hi Tomk,}

^{I've done that and this time I had worked out how to turn off Windows Defender as well. Sorry about the delay but I had a 5.00am start to milk the goats and then get my wife into town for medical appointments and have only just now got back online.}

^{Here is the ComboFix log:}

^{ComboFix 14-01-23.02 - Heather 28/01/2014 15:35:03.6.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.61.1033.18.4092.2757 [GMT 11:00]

Running from: c:\users\Heather\Desktop\ComboFix.exe

Command switches used :: c:\users\Heather\Desktop\CFScript.txt

AV: avast! Internet Security *Disabled/Outdated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

SP: avast! Internet Security *Disabled/Outdated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected

Restored copy from - c:\windows\ERDNT\cache86\userinit.exe

.

.

--------------- FCopy ---------------

.

c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWow64\user32.dll

.

(((((((((((((((((((((((((   Files Created from 2013-12-28 to 2014-01-28 )))))))))))))))))))))))))))))))

.

.

2014-01-28 04:41 . 2014-01-28 04:41 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-01-28 04:41 . 2014-01-28 04:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-26 10:58 . 2009-07-14 01:52 24128 ----a-w- c:\windows\SysWow64\drivers\atapi.sys

2014-01-25 03:59 . 2014-01-25 04:06 -------- d-----w- c:\windows\system32\catroot2

2014-01-25 03:48 . 2014-01-28 04:42 -------- d-----w- c:\windows\system32\wbem\repository

2014-01-25 03:47 . 2014-01-25 03:47 -------- d-----w- c:\windows\SysWow64\wbem\Performance

2014-01-25 03:42 . 2014-01-25 03:54 181064 ----a-w- c:\windows\PSEXESVC.EXE

2014-01-25 02:52 . 2014-01-25 02:52 -------- d-----w- c:\program files (x86)\Tweaking.com

2014-01-25 02:44 . 2014-01-26 04:03 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\offreg.dll

2014-01-24 09:51 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BA47C84-3365-43A7-8D22-2ACAE952C5CD}\mpengine.dll

2014-01-15 23:45 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2014-01-15 23:45 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2014-01-15 23:45 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2014-01-15 23:45 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2014-01-15 23:45 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2014-01-15 23:45 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2014-01-15 23:45 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2014-01-15 23:45 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys

2014-01-15 23:40 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys

2014-01-12 20:14 . 2014-01-12 20:15 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-01-10 08:08 . 2013-10-25 06:17 148992 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll

2014-01-09 07:18 . 2014-01-09 07:18 -------- d-----w- c:\users\Heather\AppData\Roaming\Macrovision

2014-01-07 03:26 . 2009-09-10 04:31 117248 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys

2014-01-07 03:26 . 2009-09-04 04:13 216576 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

2014-01-07 03:26 . 2009-07-24 04:52 114560 ----a-w- c:\windows\system32\drivers\ewusbdev.sys

2014-01-07 03:26 . 2007-08-08 17:10 29696 ----a-w- c:\windows\system32\drivers\ewdcsc.sys

2014-01-07 03:26 . 2014-01-07 03:27 -------- d-----w- c:\program files (x86)\Virgin Mobile

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-15 23:55 . 2010-02-07 23:17 86054176 ----a-w- c:\windows\system32\MRT.exe

2014-01-13 08:14 . 2013-03-13 20:02 439648 ----a-w- c:\windows\system32\drivers\aswndisflt.sys

2014-01-12 20:14 . 2013-03-13 20:03 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2014-01-12 20:14 . 2011-03-05 09:40 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-01-12 20:14 . 2011-03-05 09:40 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-01-12 20:14 . 2011-03-05 09:40 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-01-12 20:14 . 2011-03-05 09:40 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-01-12 20:14 . 2011-03-05 09:40 43152 ----a-w- c:\windows\avastSS.scr

2013-12-17 19:13 . 2011-03-05 09:36 270496 ------w- c:\windows\system32\MpSigStub.exe

2013-12-10 21:48 . 2012-11-07 03:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 21:48 . 2012-11-07 03:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-11-23 18:26 . 2013-12-11 19:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-11 19:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-11-20 04:09 . 2013-03-13 20:03 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-11-20 04:09 . 2012-02-24 22:06 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-11-20 04:09 . 2012-09-06 22:32 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys

2013-11-12 02:23 . 2013-12-11 19:32 2048 ----a-w- c:\windows\system32\tzres.dll

2013-11-12 02:07 . 2013-12-11 19:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2013-10-31 06:46 . 2013-01-19 05:08 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2013-10-31 06:46 . 2013-01-19 05:08 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-22 39408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\11\ISUSPM.exe" [2008-09-26 210208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]

"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]

"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-19 494064]

"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-12 3764024]

.

c:\users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-22 1316192]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-22 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

.

R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S3 CryptOSD;Phoenix CryptOSD Device Driver;c:\windows\system32\DRIVERS\CryptOSD.sys;c:\windows\SYSNATIVE\DRIVERS\CryptOSD.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys;c:\windows\SYSNATIVE\DRIVERS\TVMonitor.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-16 21:32 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-07 21:48]

.

2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]

.

2014-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 08:43]

.

2014-01-27 c:\windows\Tasks\SpeedMaxPc Registration3.job

- c:\windows\system32\rundll32.exe [2009-07-13 01:14]

.

2014-01-25 c:\windows\Tasks\SpeedMaxPc Update3.job

- c:\program files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-11 22:39]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-01-12 20:14 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]

"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://col125.mail....64855&rru=inbox

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

AddRemove-{EF4F8650-7710-4CA0-831D-4AA9C1CF6D87} - c:\users\Heather\Desktop\SpeedMaxPc\uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe

.

**************************************************************************

.

Completion time: 2014-01-28 15:47:57 - machine was rebooted

ComboFix-quarantined-files.txt 2014-01-28 04:47

ComboFix2.txt 2014-01-27 06:36

ComboFix3.txt 2014-01-26 11:12

ComboFix4.txt 2014-01-25 07:44

ComboFix5.txt 2014-01-28 04:32

.

Pre-Run: 424,360,439,808 bytes free

Post-Run: 424,152,440,832 bytes free

.

- - End Of File - - 04CF0E53816D95B49AD0FDBF3D4D120A}

#25 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 27 January 2014 - 11:34 PM

I've done that and this time I had worked out how to turn off Windows Defender as well. Sorry about the delay but I had a 5.00am start to milk the goats and then get my wife into town for medical appointments and have only just now got back online.

Don't worry about it. I'm not here all day. I just check in when I'm near a computer.

I don't have any goats to feed... just cows and sheep and my wife doesn't have any medical appointments this week.

Which is good because it gave me time to remove and replace a fuel injection pump in the pickup.

Anyhow... back to your computer.

As you can see a new system file was found infected again. Not good. This seems alot like a file infector but I'm not finding any rootkits or things like that. Let's try a different scan.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

Advertisements

Register to Remove

#26 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 28 January 2014 - 12:14 AM

Hi Tomk,

It's nice to get some of those chores out of the way! I really appreciate how quickly you have responded.

Here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
Ran by Heather (administrator) on HEATHER-PC on 28-01-2014 16:58:32
Running from C:\Users\Heather\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dell Inc.) C:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-29] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-17] (Dell Inc.)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-06-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-25] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] - C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [494064 2009-06-19] ()
HKLM-x32\...\Run: [DellSupportCenter] - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-22] (SupportSoft, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-13] (AVAST Software)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-22] (Google Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKCU\...\Run: [ISUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\11\ISUSPM.exe [210208 2008-09-27] (Acresso Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Heather\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://col125.mail....64855&rru=inbox
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchKeyword: google.com.au
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\TotalRecipeSearch_14\bar\1.bin\NP14Stub.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-03]
CHR Extension: (Google Search) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-03]
CHR Extension: (avast! Online Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-05-19]
CHR Extension: (Skype Click to Call) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-05-19]
CHR Extension: (Google Wallet) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Gmail) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-03]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-13] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-13] (AVAST Software)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-29] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-17] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-11-20] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-13] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-13] ()
R3 CryptOSD; C:\Windows\System32\DRIVERS\CryptOSD.sys [431488 2009-06-25] (Phoenix Technologies)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U5 aswNdisFlt; C:\Windows\System32\Drivers\aswNdisFlt.sys [439648 2014-01-13] (AVAST Software)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-28 16:58 - 2014-01-28 16:59 - 00014676 _____ C:\Users\Heather\Desktop\FRST.txt
2014-01-28 16:58 - 2014-01-28 16:58 - 00000000 ____D C:\FRST
2014-01-28 16:58 - 2014-01-28 16:55 - 02079232 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-01-28 15:47 - 2014-01-28 15:47 - 00015618 _____ C:\ComboFix.txt
2014-01-28 15:33 - 2009-04-20 15:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-27 21:59 - 2014-01-27 22:02 - 00003234 _____ C:\Users\Heather\Desktop\SystemLook.txt
2014-01-27 21:58 - 2014-01-27 21:43 - 00139264 _____ C:\Users\Heather\Desktop\SystemLook.exe
2014-01-27 15:28 - 2014-01-27 15:24 - 04745728 _____ (AVAST Software) C:\Users\Heather\Desktop\aswMBR.exe
2014-01-27 12:06 - 2014-01-27 11:43 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Heather\Desktop\tdsskiller.exe
2014-01-26 21:58 - 2009-07-14 12:52 - 00024128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Drivers\atapi.sys
2014-01-26 21:55 - 2014-01-24 12:34 - 05175240 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-01-25 14:42 - 2014-01-25 14:54 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-25 13:52 - 2014-01-25 13:52 - 00002117 _____ C:\Users\Heather\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-25 13:52 - 2014-01-25 13:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-25 13:49 - 2014-01-25 09:06 - 05048198 _____ C:\Users\Heather\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-25 13:40 - 2014-01-28 16:58 - 00000000 ____D C:\Users\Heather\Desktop\Clean-Up
2014-01-24 14:39 - 2014-01-28 15:48 - 00000000 ____D C:\Qoobox
2014-01-24 14:39 - 2011-06-26 17:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-24 14:39 - 2010-11-08 04:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-24 14:39 - 2000-08-31 11:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-20 11:54 - 2014-01-20 11:59 - 00000000 ____D C:\Users\Heather\Downloads\Avast Internet Security
2014-01-20 11:28 - 2014-01-20 11:28 - 00001737 _____ C:\Users\Heather\Desktop\License_14617881.avastlic
2014-01-16 10:45 - 2013-11-27 12:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 10:45 - 2013-11-27 12:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 10:45 - 2013-11-26 21:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-16 10:40 - 2013-11-26 22:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-13 20:05 - 2014-01-13 20:06 - 05519212 _____ C:\Users\Heather\Downloads\Master Tradesmen at Work.zip
2014-01-13 16:23 - 2014-01-13 16:23 - 01876510 _____ C:\Users\Heather\Downloads\Pas-mal-le-depanneur11.mp4
2014-01-13 07:14 - 2014-01-13 07:15 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-10 19:09 - 2013-10-25 17:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-01-10 19:09 - 2013-10-25 17:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-01-10 19:09 - 2013-10-25 17:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-01-10 19:09 - 2013-10-25 15:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-01-10 19:09 - 2013-10-25 15:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-01-10 19:09 - 2013-10-25 14:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-10 19:09 - 2013-10-25 14:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-01-10 19:09 - 2013-10-25 13:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-01-10 19:08 - 2013-10-25 17:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-01-10 19:08 - 2013-10-25 17:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-01-10 19:08 - 2013-10-25 17:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-01-10 19:08 - 2013-10-25 17:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-01-10 19:08 - 2013-10-25 17:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-01-10 19:08 - 2013-10-25 15:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-01-10 19:08 - 2013-10-25 15:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-01-10 19:08 - 2013-10-25 15:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-01-10 19:08 - 2013-10-25 15:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-01-10 19:08 - 2013-10-25 15:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-01-10 19:08 - 2013-10-25 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-01-09 18:21 - 2014-01-25 13:57 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-09 18:18 - 2014-01-09 18:18 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Macrovision
2014-01-07 16:06 - 2014-01-07 16:06 - 00002262 _____ C:\Users\Heather\Desktop\HP Deskjet 3050 J610 series.lnk
2014-01-07 14:26 - 2014-01-07 14:27 - 00000000 ____D C:\Program Files (x86)\Virgin Mobile
2014-01-07 14:26 - 2014-01-07 14:26 - 00001025 _____ C:\Users\Public\Desktop\Virgin Mobile.lnk
2014-01-07 14:26 - 2009-09-10 15:31 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-01-07 14:26 - 2009-09-04 15:13 - 00216576 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbnet.sys
2014-01-07 14:26 - 2009-07-24 15:52 - 00114560 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbdev.sys
2014-01-07 14:26 - 2007-08-09 04:10 - 00029696 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-01-07 10:29 - 2014-01-28 15:42 - 00065536 _____ C:\Windows\system32\Ikeext.etl

==================== One Month Modified Files and Folders =======

2014-01-28 16:59 - 2014-01-28 16:58 - 00014676 _____ C:\Users\Heather\Desktop\FRST.txt
2014-01-28 16:58 - 2014-01-28 16:58 - 00000000 ____D C:\FRST
2014-01-28 16:58 - 2014-01-25 13:40 - 00000000 ____D C:\Users\Heather\Desktop\Clean-Up
2014-01-28 16:55 - 2014-01-28 16:58 - 02079232 _____ (Farbar) C:\Users\Heather\Desktop\FRST64.exe
2014-01-28 16:47 - 2012-11-07 14:23 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-28 16:31 - 2010-07-20 19:43 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-28 15:48 - 2014-01-24 14:39 - 00000000 ____D C:\Qoobox
2014-01-28 15:48 - 2009-07-14 16:10 - 01958086 _____ C:\Windows\WindowsUpdate.log
2014-01-28 15:48 - 2009-07-14 15:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-28 15:48 - 2009-07-14 15:45 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-28 15:47 - 2014-01-28 15:47 - 00015618 _____ C:\ComboFix.txt
2014-01-28 15:47 - 2009-07-14 16:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-28 15:43 - 2011-07-22 13:36 - 00000000 ____D C:\Windows\ERDNT
2014-01-28 15:43 - 2010-07-20 19:43 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-28 15:43 - 2009-07-14 13:34 - 00000215 _____ C:\Windows\system.ini
2014-01-28 15:42 - 2014-01-07 10:29 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2014-01-28 15:42 - 2013-06-12 12:23 - 00022468 _____ C:\Windows\setupact.log
2014-01-28 15:42 - 2009-12-02 01:59 - 00618478 _____ C:\Windows\PFRO.log
2014-01-28 15:42 - 2009-07-14 16:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 15:24 - 2010-02-08 16:56 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Skype
2014-01-28 15:23 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\tracing
2014-01-27 22:02 - 2014-01-27 21:59 - 00003234 _____ C:\Users\Heather\Desktop\SystemLook.txt
2014-01-27 21:43 - 2014-01-27 21:58 - 00139264 _____ C:\Users\Heather\Desktop\SystemLook.exe
2014-01-27 18:00 - 2013-10-06 18:13 - 00000468 _____ C:\Windows\Tasks\SpeedMaxPc Registration3.job
2014-01-27 15:24 - 2014-01-27 15:28 - 04745728 _____ (AVAST Software) C:\Users\Heather\Desktop\aswMBR.exe
2014-01-27 11:50 - 2010-02-08 08:00 - 00000000 ____D C:\Users\Heather\AppData\Local\SoftThinks
2014-01-27 11:43 - 2014-01-27 12:06 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Heather\Desktop\tdsskiller.exe
2014-01-25 14:58 - 2010-02-08 08:00 - 00068328 _____ C:\Users\Heather\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-25 14:57 - 2009-07-14 15:45 - 00310896 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-25 14:54 - 2014-01-25 14:42 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-01-25 14:51 - 2009-07-14 13:34 - 00000439 _____ C:\Windows\win.ini
2014-01-25 13:57 - 2014-01-09 18:21 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 13:57 - 2011-12-27 11:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 13:52 - 2014-01-25 13:52 - 00002117 _____ C:\Users\Heather\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-01-25 13:52 - 2014-01-25 13:52 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2014-01-25 13:39 - 2013-10-06 18:13 - 00000426 _____ C:\Windows\Tasks\SpeedMaxPc Update3.job
2014-01-25 13:39 - 2012-07-08 14:45 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2014-01-25 09:06 - 2014-01-25 13:49 - 05048198 _____ C:\Users\Heather\Desktop\tweaking.com_windows_repair_aio_setup.exe
2014-01-24 14:50 - 2009-07-14 13:34 - 00000027 _____ C:\Windows\system32\Drivers\etc\hosts_bak_798
2014-01-24 12:34 - 2014-01-26 21:55 - 05175240 ____R (Swearware) C:\Users\Heather\Desktop\ComboFix.exe
2014-01-20 11:59 - 2014-01-20 11:54 - 00000000 ____D C:\Users\Heather\Downloads\Avast Internet Security
2014-01-20 11:28 - 2014-01-20 11:28 - 00001737 _____ C:\Users\Heather\Desktop\License_14617881.avastlic
2014-01-20 11:26 - 2012-12-28 23:37 - 00000000 ____D C:\Users\Heather\Downloads\maintenance
2014-01-16 10:57 - 2009-12-02 00:14 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 10:56 - 2013-07-25 18:47 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 10:55 - 2010-02-08 10:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 20:06 - 2014-01-13 20:05 - 05519212 _____ C:\Users\Heather\Downloads\Master Tradesmen at Work.zip
2014-01-13 19:14 - 2013-03-14 07:02 - 00439648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswndisflt.sys
2014-01-13 16:23 - 2014-01-13 16:23 - 01876510 _____ C:\Users\Heather\Downloads\Pas-mal-le-depanneur11.mp4
2014-01-13 13:40 - 2009-07-14 16:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-13 07:15 - 2014-01-13 07:14 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-13 07:15 - 2013-11-20 15:10 - 00002034 _____ C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-01-13 07:15 - 2013-01-19 16:02 - 00001974 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2014-01-13 07:14 - 2013-03-14 07:03 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-13 07:14 - 2011-03-05 20:40 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-13 07:14 - 2011-03-05 20:40 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-09 18:18 - 2014-01-09 18:18 - 00000000 ____D C:\Users\Heather\AppData\Roaming\Macrovision
2014-01-08 08:17 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\system32\NDF
2014-01-07 18:50 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\rescache
2014-01-07 16:18 - 2009-07-14 14:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-07 16:06 - 2014-01-07 16:06 - 00002262 _____ C:\Users\Heather\Desktop\HP Deskjet 3050 J610 series.lnk
2014-01-07 14:27 - 2014-01-07 14:26 - 00000000 ____D C:\Program Files (x86)\Virgin Mobile
2014-01-07 14:26 - 2014-01-07 14:26 - 00001025 _____ C:\Users\Public\Desktop\Virgin Mobile.lnk
2013-12-31 08:50 - 2010-02-08 16:53 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-12-30 11:25 - 2009-07-14 16:08 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-20 10:17

==================== End Of Log ============================

And here is the Addition Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
Ran by Heather at 2014-01-28 16:59:42
Running from C:\Users\Heather\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Internet Security (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Advanced Audio FX Engine (x32 Version: 1.12.05 - Creative Technology Ltd)
ATI Catalyst Control Center (x32 Version: 2.009.0625.1811 - )
avast! Internet Security (x32 Version: 9.0.2011 - Avast Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0625.1812.30825 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help English (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help French (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help German (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0625.1811.30825 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
ccc-utility64 (Version: 2009.0625.1812.30825 - ATI) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
CutePDF Writer 2.8 (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (x32 Version: 2.31 - Dell)
Dell DataSafe Local Backup (x32 Version: 9.3.44 - Dell)
Dell DataSafe Online (x32 Version: 1.2.0009 - Dell, Inc.)
Dell Dock (Version: 2.0.0 - Dell)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (x32 Version: 1.00.0000 - Dell Inc.)
Dell Remote Access (x32 Version: 1.3.0.0 - Dell Inc.)
Dell Support Center (Support Software) (x32 Version: 2.5.09100 - Dell)
Dell Touchpad (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (x32 Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (Version: 5.30.21.0 - Dell Inc.)
ESET Online Scanner v3 (x32 Version: - )
Eureka's Jigsaw Mania (x32 Version: 2.00.000 - )
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (x32 Version: - )
HP Deskjet 3050 J610 series Basic Device Software (Version: 22.50.231.0 - Hewlett-Packard Co.)
Intel® Rapid Storage Technology (x32 Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (Version: - Intel Corporation)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (x32 Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
PowerDVD DX (x32 Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (Version: 9.6.6 - Dell Inc.)
Roxio Burn (x32 Version: 1.0 - Roxio)
Roxio Burn (x32 Version: 1.0.0 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
Skins (x32 Version: 2009.0625.1812.30825 - ATI) Hidden
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
SpeedMaxPc (x32 Version: 3.1.8.0 - SpeedMaxPc)
Tweaking.com - Windows Repair (All in One) (x32 Version: 2.1.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Virgin Mobile (x32 Version: 13.001.07.01.261 - Huawei Technologies Co.,Ltd)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points =========================

09-01-2014 07:23:24 Windows Update
10-01-2014 08:07:52 Windows Update
12-01-2014 20:11:55 avast! antivirus system restore point
12-01-2014 20:15:19 Device Driver Package Install: Avast Network Service
14-01-2014 06:07:38 Windows Update
15-01-2014 23:54:52 Windows Update
19-01-2014 22:33:20 OTL Restore Point - 1/20/2014 9:33:15 AM
24-01-2014 03:39:56 ComboFix created restore point
24-01-2014 09:51:28 Windows Update
25-01-2014 03:40:41 Tweaking.com - Windows Repair
27-01-2014 06:20:15 ComboFix created restore point

==================== Hosts content: ==========================

2009-07-14 13:34 - 2014-01-28 15:43 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {232B918B-4658-4C45-B84D-55A663236425} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {5ED5CE0E-7740-4F3D-ACEF-26BA7A04FB28} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-13] (AVAST Software)
Task: {6ABA36F1-EF9C-4958-9A72-489A00CAB572} - System32\Tasks\{B2E300FB-7D68-48E7-A389-4F102881EDCA} => Iexplore.exe http://ui.skype.com/...all?page=tsBing
Task: {7755D4C7-BAAE-4109-846D-3209222FE9F8} - System32\Tasks\{F54107BC-3680-4B09-A598-02ECE796B436} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {91312BE9-0128-4EC8-BEE7-00258E8B408D} - System32\Tasks\{2236765F-459C-4767-80C7-584ED9EAAE47} => Iexplore.exe http://ui.skype.com/...all?page=tsBing
Task: {9C63010B-64BA-4C4D-AB07-D44CB107C020} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20] (Google Inc.)
Task: {B8D7B697-E3E2-41F6-95FC-CD08CEE701B5} - System32\Tasks\SpeedMaxPc Update3 => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe [2013-09-12] (SpeedMaxPc)
Task: {C0EA7AB7-E282-466D-AD6F-AF3871106211} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20] (Google Inc.)
Task: {C988EE6E-E1AB-4CA4-8069-27F00CA8FBA2} - System32\Tasks\SpeedMaxPc Registration3 => Rundll32.exe "C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll" RunUns
Task: {DC506885-2474-454B-B038-20AF9C5387CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {EEAD91E1-F935-4A0E-BA96-6AF76D570BED} - System32\Tasks\DGTFM1K1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-17] (Dell Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SpeedMaxPc Registration3.job => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SpeedMaxPc Update3.job => C:\Program Files (x86)\Common Files\SpeedMaxPc\UUS3\Update3.exe

==================== Loaded Modules (whitelisted) =============

2014-01-18 11:45 - 2014-01-18 08:22 - 02155008 _____ () C:\Program Files\AVAST Software\Avast\defs\14011701\algo.dll
2009-12-02 00:19 - 2009-09-18 06:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2009-12-02 00:19 - 2009-09-18 06:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Heather\Downloads\Your Garden.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2014 04:12:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/28/2014 03:24:49 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/27/2014 09:55:13 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/27/2014 01:10:55 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/27/2014 11:50:57 AM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/26/2014 10:38:13 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/26/2014 09:50:21 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/26/2014 03:30:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (01/26/2014 02:33:17 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error: (01/25/2014 06:05:24 PM) (Source: Swapdrive Backup) (User: )
Description: Swapdrive Backup: Web Service Error: System.Net.WebException: The remote name could not be resolved: 'wsvcdell.backup.com'
   at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
   at System.Net.HttpWebRequest.GetRequestStream()
   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
   at Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest req)
   at Swapdrive.Shared.ActivationWsvcs.GetInfo()

System errors:
=============
Error: (01/28/2014 04:57:34 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/28/2014 04:57:33 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/28/2014 04:57:32 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.

Error: (01/28/2014 03:49:44 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/28/2014 03:41:54 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/28/2014 03:38:47 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (01/28/2014 03:31:42 PM) (Source: Service Control Manager) (User: )
Description: The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

Error: (01/28/2014 03:24:39 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/28/2014 03:24:38 PM) (Source: VDS Basic Provider) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (01/27/2014 05:40:52 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-01-25 18:40:48.453
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-25 18:40:47.813
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-25 18:40:47.236
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-25 18:40:46.659
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-24 14:49:13.149
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-01-24 14:49:12.469
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 29%
Total physical RAM: 4092.36 MB
Available physical RAM: 2903.52 MB
Total Pagefile: 8182.89 MB
Available Pagefile: 6932.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:395.01 GB) NTFS
Drive e: (Virgin Mobile) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
Drive g: (USB DISK) (Removable) (Total:0.48 GB) (Free:0.42 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 75349890)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 496 MB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=495 MB) - (Type=04)

==================== End Of Log ============================

#27 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 28 January 2014 - 10:35 AM

There are some minor issues but the system files look good.

Let's take care of what this tool found:

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

start
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}
SearchScopes: HKCU - {F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} URL =
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
AlternateDataStreams: C:\Users\Heather\Downloads\Your Garden.eml:OECustomProperty
end

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Also, let's find a replacement file,

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
```
:filefinduserinit.exe
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#28 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 28 January 2014 - 04:19 PM

^{Hi Tomk,}

^{Done that and logs follow. I noticed that SystemLook advised running a 64-bit version; is that necessary and where would I get that?}

^{Here is the FRST log:}

^{Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02

Ran by Heather at 2014-01-29 09:10:23 Run:1

Running from C:\Users\Heather\Desktop

Boot Mode: Normal

==============================================}

^{Content of fixlist:

*****************

start

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}

SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.mywebs...or={searchTerms}

SearchScopes: HKCU - {F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} URL =}

^{Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

AlternateDataStreams: C:\Users\Heather\Downloads\Your Garden.eml:OECustomProperty

end

*****************}

^{^{HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510} => Key deleted successfully.

HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} => Key deleted successfully.

HKCR\CLSID\{F9CE3CC5-4B23-4E0E-96A6-C27341BE6028} => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.

HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.

C:\Users\Heather\Downloads\Your Garden.eml => ":OECustomProperty" ADS removed successfully.}}

^{^{==== End of Fixlog ====}}

^{And here is the SystemLook log:}

^{SystemLook 30.07.11 by jpshortstuff

Log created at 09:11 on 29/01/2014 by Heather

Administrator - Elevation successful

WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.}

^{Invalid Context: filefinduserinit.exe}

^{-= EOF =-}

^{Here is the parameter file contents I used:}

^{:filefinduserinit.exe}

Edited by kangaroo, 28 January 2014 - 07:02 PM.

#29 Tomk

Beguilement Monitor

Global Moderator
20,451 posts

Posted 28 January 2014 - 04:35 PM

Unfortunately, I missed that the forum software scrambled the script and made two lines into one - so it didn't work.

Here is link for 64 bit version: http://jpshortstuff.247fixes.com/SystemLook_x64.exe

And the corrected script

:filefind
userinit.exe

Tomk
------------------------------------------------------------
Microsoft MVP 2010-2014

#30 kangaroo

Authentic Member

Authentic Member
212 posts

Posted 28 January 2014 - 07:01 PM

Hi Tomk,

Done with 64-bit version of SystemLook. Here is the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:38 on 29/01/2014 by Heather
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.exe"
C:\Windows\ERDNT\cache64\userinit.exe --a---- 30720 bytes [02:48 22/07/2011] [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\ERDNT\cache86\userinit.exe --a---- 26624 bytes [02:48 22/07/2011] [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223
C:\Windows\System32\userinit.exe --a---- 30720 bytes [04:26 08/03/2011] [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\SysWOW64\userinit.exe --a---- 26624 bytes [04:26 08/03/2011] [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe --a---- 30208 bytes [23:50 13/07/2009] [01:39 14/07/2009] 6F8F1376A13114CC10C0E69274F5A4DE
C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe --a---- 30720 bytes [04:26 08/03/2011] [13:25 20/11/2010] BAFE84E637BF7388C96EF48D4D3FDD53
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe --a---- 26112 bytes [23:34 13/07/2009] [01:14 14/07/2009] 6DE80F60D7DE9CE6B8C2DDFDF79EF175
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe --a---- 26624 bytes [04:26 08/03/2011] [12:17 20/11/2010] 61AC3EFDFACFDD3F0F11DD4FD4044223

-= EOF =-

Body Background

skin color theme

IE10 browser & Outlook.com erratic [Solved]

#16 kangaroo

Advertisements

Register to Remove

#17 Tomk

#18 kangaroo

#19 Tomk

#20 kangaroo

#21 Tomk

#22 kangaroo

#23 Tomk

#24 kangaroo

#25 Tomk

Advertisements

Register to Remove

#26 kangaroo

#27 Tomk

#28 kangaroo

#29 Tomk

#30 kangaroo

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Body Background

skin color theme

IE10 browser & Outlook.com erratic [Solved]

#16 kangaroo

Advertisements Register to Remove

#17 Tomk

#18 kangaroo

#19 Tomk

#20 kangaroo

#21 Tomk

#22 kangaroo

#23 Tomk

#24 kangaroo

#25 Tomk

Advertisements Register to Remove

#26 kangaroo

#27 Tomk

#28 kangaroo

#29 Tomk

#30 kangaroo

Related Topics

0 user(s) are reading this topic

About What the Tech

Follow Us

Sign In

Advertisements

Register to Remove

Advertisements

Register to Remove