
Author Topic: Three day old laptop has bios malware.  (Read 34091 times)


Valorus

    Topic Starter


    Beginner

    • Experience: Familiar
    • OS: Windows 7
    Three day old laptop has bios malware.
    « on: November 26, 2012, 08:29:46 PM »
    This has been a bad month for me. I had a Dell N7010 that became infected with BIOS malware that disabled
    most functions, shut off the wireless adaptor and shut off USB ports. Unable to repair it, I decided to buy a
    replacement, a Dell N7110. In only three days, I managed to find a site that advertised drivers for SM bus drivers
    that I was missing. It was infected with malware that changed my BIOS security settings and caused IE and almost
    everything that has to load to slow to a crawl, restore won't restore and the malware tools I downloaded were
    erased. I haven't had any external devices in it and can't think of any other source of this bug. I hope someone
    here can figure out how to clean this. I'd really appreciate any help you might come up with.

    DaveLembke



      Sage
    • Thanked: 662
    • Certifications: List
    • Computer: Specs
    • Experience: Expert
    • OS: Windows 10
    Re: Three day old laptop has bios malware.
    « Reply #1 on: November 27, 2012, 12:51:48 AM »
    I'd get a replacement laptop under Dell's Warranty if it's brand new and now broken 3 days later. If you tell them you infected it they won't cover it, but if you tell them there is a Bios issue and you don't know why, they might accept it as a hardware failure and give you a replacement. The last replacement with Dell, they sent a replacement overnight, but I had to give them my credit card to bill me for 2nd computer, and then be credited in full on receipt of the defective laptop. Otherwise they have a policy in which you can have a replacement in 6-10 business days, or at least that's what it was 4 years ago when dealing with them with a cooked GPU that I had to play dumb on cooking the GPU playing video games.

    Bios issues on laptops are harder to fix than desktop computers!

    ( I am not supposed to answer in this forum in regards to malware, and am only answering from a hardware standpoint which is my specialty. Tried to get credited through one of the free malware training sites and no response... will try the next one on the list so that I can get the training/testing/cert credentials and be able to reply and help here without being in violation in the future ;) )

    Allan

    • Moderator

    • Mastermind
    • Thanked: 1260
    • Experience: Guru
    • OS: Windows 10
    Re: Three day old laptop has bios malware.
    « Reply #2 on: November 27, 2012, 05:52:43 AM »
    Laptop drivers should ALWAYS and ONLY be downloaded from the website of the laptop manufacturer.

    For now, please wait for a malware specialist to respond.

    BC_Programmer


      Mastermind
    • Typing is no substitute for thinking.
    • Thanked: 1140
      • BC-Programming.com
    • Certifications: List
    • Computer: Specs
    • Experience: Beginner
    • OS: Windows 11
    Re: Three day old laptop has bios malware.
    « Reply #3 on: November 27, 2012, 06:46:27 AM »
    BIOS malware wouldn't change IE security settings. It was likely just your everyday malware.

    That doesn't mean it's not something to be concerned about, of course.
    I was trying to dereference Null Pointers before it was cool.

    Valorus

      Topic Starter


      Beginner

      • Experience: Familiar
      • OS: Windows 7
      Re: Three day old laptop has bios malware.
      « Reply #4 on: November 27, 2012, 07:06:58 AM »
      Thanks to everyone for your comments, does anyone have any idea where to go from here? As you can imagine,
      this has made for a very unhappy week.

      Allan

      • Moderator

      • Mastermind
      • Thanked: 1260
      • Experience: Guru
      • OS: Windows 10
      Re: Three day old laptop has bios malware.
      « Reply #5 on: November 27, 2012, 07:17:17 AM »
      Please follow the instructions in the following link and post your logs:
      http://www.computerhope.com/forum/index.php/topic,46313.0.html

      Valorus

        Topic Starter


        Beginner

        • Experience: Familiar
        • OS: Windows 7
        Re: Three day old laptop has bios malware.
        « Reply #6 on: November 27, 2012, 08:22:46 AM »
        This bug won't allow me to connect. Are there any tools that would allow me to connect? Thanks for your reply.

        Allan

        • Moderator

        • Mastermind
        • Thanked: 1260
        • Experience: Guru
        • OS: Windows 10
        Re: Three day old laptop has bios malware.
        « Reply #7 on: November 27, 2012, 08:25:01 AM »
        Connect to what - the Internet? You seem to be online now - just download the required tools / apps on a different system and copy them to the one in question.

        Valorus

          Topic Starter


          Beginner

          • Experience: Familiar
          • OS: Windows 7
          Re: Three day old laptop has bios malware.
          « Reply #8 on: November 27, 2012, 08:31:50 AM »
          I'm on a tablet now.

          Allan

          • Moderator

          • Mastermind
          • Thanked: 1260
          • Experience: Guru
          • OS: Windows 10
          Re: Three day old laptop has bios malware.
          « Reply #9 on: November 27, 2012, 08:32:45 AM »
          You'll need access to a computer that can get online. Download what you need, copy them to a flash drive or cd and transfer them to your system.

          Valorus

            Topic Starter


            Beginner

            • Experience: Familiar
            • OS: Windows 7
            Re: Three day old laptop has bios malware.
            « Reply #10 on: November 27, 2012, 09:43:09 AM »
            This is what I could get. I'll post it and explain in another post.

            [year+ old attachment deleted by admin]

            Valorus

              Topic Starter


              Beginner

              • Experience: Familiar
              • OS: Windows 7
              Re: Three day old laptop has bios malware.
              « Reply #11 on: November 27, 2012, 09:50:31 AM »
              I wanted to post those logs before this thing quit. I was able to D/L Chrome and it
              began somewhat normally, but won't let AdwCleaner run. I think the rest worked OK.
              Explorer doesn't load usually, it freezes and takes three or four minutes to recover.
              It's different every time I use it. Right now it's acting almost normally.

              Thanks for your help, I obviously can't do much on my own.

              SuperDave

              • Malware Removal Specialist
              • Moderator


              • Genius
              • Thanked: 1020
              • Certifications: List
              • Experience: Expert
              • OS: Windows 10
              Re: Three day old laptop has bios malware.
              « Reply #12 on: November 27, 2012, 01:15:48 PM »
              Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

              1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
              2. The fixes are specific to your problem and should only be used for this issue on this machine.
              3. If you don't know or understand something, please don't hesitate to ask.
              4. Please DO NOT run any other tools or scans while I am helping you.
              5. It is important that you reply to this thread. Do not start a new topic.
              6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
              7. Absence of symptoms does not mean that everything is clear.

              If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
              *************************************************************************
              Download Security Check by screen317 from one of the following links and save it to your desktop.

              Link 1
              Link 2

              * Double-click Security Check.bat
              * Follow the on-screen instructions inside of the black box.
              * A Notepad document should open automatically called checkup.txt
              * Post the contents of that document in your next reply.

              Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
              ************************************************
              Download Combofix from any of the links below, and save it to your DESKTOP

              Link 1
              Link 2
              Link 3

              To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
              • Close any open windows and double click ComboFix.exe to run it.

                You will see the following image:


              Click I Agree to start the program.

              ComboFix will then extract the necessary files and you will see this:



              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

              It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

              If you did not have it installed, you will see the prompt below. Choose YES.



              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



              Click on Yes, to continue scanning for malware.

              When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

              Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

              Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
              Windows 8 and Windows 10 dual boot with two SSD's

              Valorus

                Topic Starter


                Beginner

                • Experience: Familiar
                • OS: Windows 7
                Re: Three day old laptop has bios malware.
                « Reply #13 on: November 27, 2012, 05:33:50 PM »
                Hi Dave,

                I have to do this one at a time.  Two, I guess. These took all afternoon.

                Norm


                [year+ old attachment deleted by admin]

                Valorus

                  Topic Starter


                  Beginner

                  • Experience: Familiar
                  • OS: Windows 7
                  Re: Three day old laptop has bios malware.
                  « Reply #14 on: November 27, 2012, 05:37:50 PM »
                  Here's one more.

                  [year+ old attachment deleted by admin]

                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  • Genius
                  • Thanked: 1020
                  • Certifications: List
                  • Experience: Expert
                  • OS: Windows 10
                  Re: Three day old laptop has bios malware.
                  « Reply #15 on: November 28, 2012, 12:13:30 PM »
                  Please do not attach your logs unless absolutely necessary. Copy and paste them in your reply(ies).

                  • Download RogueKiller on the desktop
                  • Close all the running programs
                  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
                  • Otherwise just double-click on RogueKiller.exe
                  • Pre-scan will start. Let it finish.
                  • Click on SCAN button.
                  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
                  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
                  *****************************************
                  Please download Rooter and Save it to your desktop.
                  • Double click it to start the tool. Vista and Windows 7: run as administrator.
                  • Click Scan.
                  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
                  Windows 8 and Windows 10 dual boot with two SSD's

                  Valorus

                    Topic Starter


                    Beginner

                    • Experience: Familiar
                    • OS: Windows 7
                    Re: Three day old laptop has bios malware.
                    « Reply #16 on: November 28, 2012, 01:37:16 PM »
                    Dave, look at this site: http://forum.avast.com/index.php?topic=105063.5;wap2

                    Valorus

                      Topic Starter


                      Beginner

                      • Experience: Familiar
                      • OS: Windows 7
                      Re: Three day old laptop has bios malware.
                      « Reply #17 on: November 28, 2012, 01:46:28 PM »
                      That last post was being erased as quickly as I could type, but it referenced a similar problem.
                      I tried to PM you, but the messages disappeared before I could post them.


                      [year+ old attachment deleted by admin]
                      « Last Edit: November 28, 2012, 02:12:52 PM by Valorus »

                      Valorus

                        Topic Starter


                        Beginner

                        • Experience: Familiar
                        • OS: Windows 7
                        Re: Three day old laptop has bios malware.
                        « Reply #18 on: November 28, 2012, 02:09:35 PM »
                        RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
                        mail : tigzyRK<at>gmail<dot>com
                        Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
                        Website : http://tigzy.geekstogo.com/roguekiller.php
                        Blog : http://tigzyrk.blogspot.com/

                        Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                        Started in : Normal mode
                        User : Norm 2 [Admin rights]
                        Mode : Scan -- Date : 11/26/2012 14:10:11

                        ¤¤¤ Bad processes : 0 ¤¤¤

                        ¤¤¤ Registry Entries : 4 ¤¤¤
                        [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
                        [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
                        [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
                        [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

                        ¤¤¤ Particular Files / Folders: ¤¤¤

                        ¤¤¤ Driver : [NOT LOADED] ¤¤¤

                        ¤¤¤ HOSTS File: ¤¤¤
                        --> C:\Windows\system32\drivers\etc\hosts

                        127.0.0.1       localhost


                        ¤¤¤ MBR Check: ¤¤¤

                        +++++ PhysicalDrive0: ST750LM022 HN-M750MBB ATA Device +++++
                        --- User ---
                        [MBR] 504535c314bed6c5671ab8d03fe7a455
                        [BSP] 1c236b4c746ecb35a0082aa9470abaac : Windows 7/8 MBR Code
                        Partition table:
                        0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 701402 Mo
                        1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 1436473344 | Size: 14000 Mo
                        User = LL1 ... OK!
                        User = LL2 ... OK!

                        Finished : << RKreport[1]_S_11262012_02d1410.txt >>
                        RKreport[1]_S_11262012_02d1410.txt



                        Valorus

                          Topic Starter


                          Beginner

                          • Experience: Familiar
                          • OS: Windows 7
                          Re: Three day old laptop has bios malware.
                          « Reply #19 on: November 28, 2012, 02:11:50 PM »
                          Rooter.exe (v1.0.2) by Eric_71
                          .
                          The token does not have the SeDebugPrivilege privilege ! (error:1300)
                          Can not acquire SeDebugPrivilege !
                          Please run the tool as administrator ..

                          .
                          Windows 7 Home Edition (6.1.7601) Service Pack 1
                          [32_bits] - Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
                          .
                          Error OpenService (wscsvc) : 6
                          Error OpenSCManager : 5
                          Error OpenService (MpsSvc) : 6
                          Windows Defender -> Enabled
                          User Account Control (UAC) -> Enabled
                          .
                          Internet Explorer 9.0.8112.16421
                          .
                          C:\  [Fixed-NTFS] .. ( Total:684 Go - Free:562 Go )
                          D:\  [CD_Rom]
                          E:\  [Removable]
                          .
                          Scan : 12:20.29
                          Path : C:\Users\Norm 2\Downloads\Rooter.exe
                          User : Norm 2 ( Administrator -> YES )
                          .
                          ----------------------\\ Processes
                          .
                          Locked [System Process] (0)
                          Locked System (4)
                          Locked smss.exe (296)
                          Locked csrss.exe (548)
                          Locked wininit.exe (592)
                          Locked csrss.exe (616)
                          Locked services.exe (676)
                          Locked winlogon.exe (684)
                          Locked lsass.exe (712)
                          Locked lsm.exe (724)
                          Locked svchost.exe (816)
                          Locked vsserv.exe (876)
                          Locked svchost.exe (776)
                          Locked svchost.exe (1136)
                          Locked svchost.exe (1196)
                          Locked svchost.exe (1224)
                          Locked svchost.exe (1384)
                          Locked hmpsched.exe (1460)
                          Locked svchost.exe (1524)
                          ______ ????????? (1796)
                          ______ ????????? (1820)
                          Locked wlanext.exe (1860)
                          Locked conhost.exe (1868)
                          Locked spoolsv.exe (1944)
                          Locked svchost.exe (1988)
                          ______ ????????? (2016)
                          Locked EvtEng.exe (2068)
                          Locked mbamscheduler.exe (2212)
                          Locked mbamservice.exe (2396)
                          ______ ????????? (2428)
                          ______ ????????? (2444)
                          ______ ????????? (2452)
                          ______ ????????? (2460)
                          Locked GoogleToolbarNotifier.exe (2468)
                          ______ C:\Users\Norm 2\AppData\Local\Akamai\netsession_win.exe (2488)
                          ______ C:\Users\Norm 2\AppData\Local\Akamai\netsession_win.exe (2720)
                          ______ ????????? (2880)
                          Locked NvtlSrvr.exe (2916)
                          ______ C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (2964)
                          Locked RegSrvc.exe (1912)
                          ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (2764)
                          Locked updatesrv.exe (3044)
                          Locked WLIDSVC.EXE (1584)
                          Locked WLIDSVCM.EXE (3148)
                          ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (3852)
                          ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4048)
                          Locked unsecapp.exe (3256)
                          Locked WmiPrvSE.exe (3504)
                          Locked SearchIndexer.exe (3908)
                          Locked svchost.exe (4792)
                          Locked WUDFHost.exe (5088)
                          Locked svchost.exe (4700)
                          Locked WSED.exe (4304)
                          Locked BTHSAmpPalService.exe (3940)
                          Locked BTHSSecurityMgr.exe (3448)
                          Locked svchost.exe (3564)
                          Locked GoogleUpdate.exe (3648)
                          Locked sprtsvc.exe (3296)
                          ______ ????????? (1316)
                          ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4148)
                          ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (1476)
                          Locked taskeng.exe (1664)
                          Locked audiodg.exe (2308)
                          ______ C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (1724)
                          ______ C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (4028)
                          ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4924)
                          Locked SearchProtocolHost.exe (4848)
                          Locked SearchFilterHost.exe (3596)
                          ______ C:\Users\Norm 2\Downloads\Rooter.exe (1004)
                          .
                          ----------------------\\ Device\Harddisk0\
                          .
                          \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
                          .
                          \Device\Harddisk0\Partition1 (Start_Offset:1048576 | Length:735473303552)
                          \Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:735474352128 | Length:14680064000)
                          .
                          ----------------------\\ Scheduled Tasks
                          .
                          C:\Windows\Tasks\Adobe Flash Player Updater.job
                          C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
                          C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
                          C:\Windows\Tasks\SA.DAT
                          C:\Windows\Tasks\SCHEDLGU.TXT
                          .
                          ----------------------\\ Registry
                          .
                          .
                          ----------------------\\ Files & Folders
                          .
                          ----------------------\\ Scan completed at 12:20.31
                          .
                          C:\Rooter$\Rooter_1.txt - (28/11/2012 | 12:20.31)

                          SuperDave

                          • Malware Removal Specialist
                          • Moderator


                          • Genius
                          • Thanked: 1020
                          • Certifications: List
                          • Experience: Expert
                          • OS: Windows 10
                          Re: Three day old laptop has bios malware.
                          « Reply #20 on: November 28, 2012, 07:38:33 PM »
                          Good. How's your computer running now?

                          I'd like to scan your machine with ESET OnlineScan

                          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
                          ESET OnlineScan
                          • Click the button.
                          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
                            • Click on to download the ESET Smart Installer. Save it to your desktop.
                            • Double click on the icon on your desktop.
                          • Check
                          • Click the button.
                          • Accept any security warnings from your browser.
                          • Check
                          • Push the Start button.
                          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
                          • When the scan completes, push
                          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
                          • Push the button.
                          • Push
                          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
                          Windows 8 and Windows 10 dual boot with two SSD's

                          Valorus

                            Topic Starter


                            Beginner

                            • Experience: Familiar
                            • OS: Windows 7
                            Re: Three day old laptop has bios malware.
                            « Reply #21 on: November 29, 2012, 08:33:44 AM »
                            Dave,

                            Here's the Eset file. All these scanners have shown that this computer is clean-NOT!
                            This Eset scanner took an hour to go from 99% to finish. If I try to examine the Add-on
                            utility, it opens but the window is blocked. Utilities like RogueKiller are deleted from the
                            desktop in about an hour. Windows firewall is open each time I bootup.
                            There is malware in this computer that the scanners just can't see.
                            I appreciate your help and hope this isn't as far as we go. I'm open to any ideas, Dave.

                            Thanks, Norm








                            ESETSmartInstaller@High as downloader log:
                            all ok
                            # version=7
                            # OnlineScannerApp.exe=1.0.0.1
                            # OnlineScanner.ocx=1.0.0.6583
                            # api_version=3.0.2
                            # EOSSerial=4ed2c4bd5ed701448527160359c46c2b
                            # end=finished
                            # remove_checked=true
                            # archives_checked=false
                            # unwanted_checked=true
                            # unsafe_checked=false
                            # antistealth_checked=true
                            # utc_time=2012-11-29 05:47:02
                            # local_time=2012-11-28 09:47:02 (-0800, Pacific Standard Time)
                            # country="United States"
                            # lang=1033
                            # osver=6.1.7601 NT Service Pack 1
                            # compatibility_mode=3073 16777213 80 71 0 9344346 0 0
                            # compatibility_mode=5893 16776574 100 94 0 105704994 0 0
                            # compatibility_mode=8192 67108863 100 0 0 0 0 0
                            # scanned=365000
                            # found=0
                            # cleaned=0
                            # scan_time=6479
                            ESETSmartInstaller@High as downloader log:
                            all ok
                            # version=7
                            # OnlineScannerApp.exe=1.0.0.1
                            # OnlineScanner.ocx=1.0.0.6583
                            # api_version=3.0.2
                            # EOSSerial=4ed2c4bd5ed701448527160359c46c2b
                            # end=finished
                            # remove_checked=true
                            # archives_checked=false
                            # unwanted_checked=true
                            # unsafe_checked=false
                            # antistealth_checked=true
                            # utc_time=2012-11-29 03:23:04
                            # local_time=2012-11-29 07:23:04 (-0800, Pacific Standard Time)
                            # country="United States"
                            # lang=1033
                            # osver=6.1.7601 NT Service Pack 1
                            # compatibility_mode=3073 16777213 80 71 0 9378932 0 0
                            # compatibility_mode=5893 16776574 100 94 0 105739580 0 0
                            # compatibility_mode=8192 67108863 100 0 0 0 0 0
                            # scanned=365134
                            # found=0
                            # cleaned=0
                            # scan_time=6453

                            Valorus

                              Topic Starter


                              Beginner

                              • Experience: Familiar
                              • OS: Windows 7
                              Re: Three day old laptop has bios malware.
                              « Reply #22 on: November 29, 2012, 08:55:39 AM »
                              Here's a screenshot of the addon box.

                              [year+ old attachment deleted by admin]

                              SuperDave

                              • Malware Removal Specialist
                              • Moderator


                              • Genius
                              • Thanked: 1020
                              • Certifications: List
                              • Experience: Expert
                              • OS: Windows 10
                              Re: Three day old laptop has bios malware.
                              « Reply #23 on: November 29, 2012, 12:32:00 PM »
                              • Download TDSSKiller and save it to your Desktop.
                              • Extract its contents to your desktop.
                              • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
                              • If an infected file is detected, the default action will be Cure, click on Continue.
                              • If a suspicious file is detected, the default action will be Skip, click on Continue.
                              • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
                              • Click the Report button and copy/paste the contents of it into your next reply.
                              Note: It will also create a log in the C:\ directory.
                              Windows 8 and Windows 10 dual boot with two SSD's

                              Valorus

                                Topic Starter


                                Beginner

                                • Experience: Familiar
                                • OS: Windows 7
                                Re: Three day old laptop has bios malware.
                                « Reply #24 on: November 29, 2012, 01:26:04 PM »
                                Here's the tdsskiller report:

                                12:27:32.0213 5292  HomeGroupProvider - ok
                                12:27:32.0244 5292  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
                                12:27:32.0244 5292  HpSAMD - ok
                                12:27:32.0276 5292  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
                                12:27:32.0307 5292  HTTP - ok
                                12:27:32.0338 5292  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
                                12:27:32.0338 5292  hwpolicy - ok
                                12:27:32.0369 5292  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
                                12:27:32.0385 5292  i8042prt - ok
                                12:27:32.0432 5292  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
                                12:27:32.0478 5292  iaStorV - ok
                                12:27:32.0525 5292  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
                                12:27:32.0556 5292  IDriverT ( UnsignedFile.Multi.Generic ) - warning
                                12:27:32.0556 5292  IDriverT - detected UnsignedFile.Multi.Generic (1)
                                12:27:39.0186 5292  [ B9D293D8106AC02BAAAD293E7469F77D ] NvtlService     C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
                                12:27:39.0218 5292  NvtlService ( UnsignedFile.Multi.Generic ) - warning
                                12:27:39.0218 5292  NvtlService - detected UnsignedFile.Multi.Generic (1)
                                12:27:41.0838 5292  RemoteAccess - ok
                                12:27:41.0870 5292  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
                                12:27:41.0901 5292  RemoteRegistry - ok
                                12:27:41.0948 5292  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
                                12:27:41.0994 5292  RFCOMM - ok
                                12:27:42.0010 5292  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
                                12:27:42.0041 5292  RpcEptMapper - ok
                                12:27:42.0057 5292  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
                                12:27:42.0072 5292  RpcLocator - ok
                                12:27:42.0119 5292  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
                                12:27:42.0150 5292  RpcSs - ok
                                12:27:42.0197 5292  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
                                12:27:42.0260 5292  rspndr - ok
                                12:27:42.0322 5292  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
                                12:27:42.0369 5292  RTL8167 - ok
                                12:27:42.0400 5292  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
                                12:27:42.0416 5292  SamSs - ok
                                12:27:42.0416 5292  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
                                12:27:42.0431 5292  sbp2port - ok
                                12:27:42.0462 5292  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
                                12:27:42.0478 5292  SCardSvr - ok
                                12:27:42.0494 5292  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
                                12:27:42.0525 5292  scfilter - ok
                                12:27:42.0556 5292  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
                                12:27:42.0603 5292  Schedule - ok
                                12:27:42.0634 5292  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
                                12:27:42.0665 5292  SCPolicySvc - ok
                                12:27:42.0681 5292  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
                                12:27:42.0696 5292  SDRSVC - ok
                                12:27:42.0743 5292  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
                                12:27:42.0806 5292  secdrv - ok
                                12:27:42.0806 5292  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
                                12:27:42.0837 5292  seclogon - ok
                                12:27:42.0852 5292  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
                                12:27:42.0884 5292  SENS - ok
                                12:27:42.0899 5292  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
                                12:27:42.0899 5292  SensrSvc - ok
                                12:27:42.0915 5292  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\drivers\serenum.sys
                                12:27:42.0915 5292  Serenum - ok
                                12:27:42.0930 5292  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
                                12:27:42.0946 5292  Serial - ok
                                12:27:42.0962 5292  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
                                12:27:42.0977 5292  sermouse - ok
                                12:27:43.0024 5292  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
                                12:27:43.0055 5292  SessionEnv - ok
                                12:27:43.0055 5292  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
                                12:27:43.0071 5292  sffdisk - ok
                                12:27:43.0071 5292  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
                                12:27:43.0086 5292  sffp_mmc - ok
                                12:27:43.0086 5292  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
                                12:27:43.0102 5292  sffp_sd - ok
                                12:27:43.0102 5292  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
                                12:27:43.0102 5292  sfloppy - ok
                                12:27:43.0164 5292  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
                                12:27:43.0227 5292  SharedAccess - ok
                                12:27:43.0274 5292  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
                                12:27:43.0336 5292  ShellHWDetection - ok
                                12:27:43.0336 5292  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
                                12:27:43.0352 5292  SiSRaid2 - ok
                                12:27:43.0352 5292  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
                                12:27:43.0367 5292  SiSRaid4 - ok
                                12:27:43.0383 5292  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
                                12:27:43.0414 5292  Smb - ok
                                12:27:43.0430 5292  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
                                12:27:43.0445 5292  SNMPTRAP - ok
                                12:27:43.0445 5292  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
                                12:27:43.0461 5292  spldr - ok
                                12:27:43.0508 5292  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
                                12:27:43.0539 5292  Spooler - ok
                                12:27:43.0648 5292  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
                                12:27:43.0695 5292  sppsvc - ok
                                12:27:43.0726 5292  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
                                12:27:43.0742 5292  sppuinotify - ok
                                12:27:43.0788 5292  [ 777115C9CC675BD98127660712D2F784 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
                                12:27:43.0851 5292  sprtsvc_DellSupportCenter - ok
                                12:27:43.0898 5292  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
                                12:27:43.0944 5292  srv - ok
                                12:27:43.0976 5292  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
                                12:27:44.0007 5292  srv2 - ok
                                12:27:44.0022 5292  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
                                12:27:44.0038 5292  srvnet - ok
                                12:27:44.0085 5292  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
                                12:27:44.0147 5292  SSDPSRV - ok
                                12:27:44.0147 5292  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
                                12:27:44.0178 5292  SstpSvc - ok
                                12:27:44.0210 5292  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
                                12:27:44.0225 5292  stexstor - ok
                                12:27:44.0288 5292  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
                                12:27:44.0319 5292  stisvc - ok
                                12:27:44.0319 5292  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windo

                                Valorus

                                  Topic Starter


                                  Beginner

                                  • Experience: Familiar
                                  • OS: Windows 7
                                  Re: Three day old laptop has bios malware.
                                  « Reply #25 on: November 29, 2012, 03:04:55 PM »
                                  Hi Dave,

                                  Let me list the problems I'm still having. The bios security settings are all locked, the Windows
                                  welcome screen blinks halfway through, I know that's no major problem, but to me, it's an indication
                                  something's wrong. When I was rebooting earlier, a page flashed that said "You're dead Jack"
                                  and text that was gone before I could read it. When I was trying to run ComboFix, 5 instances
                                  of Midas3 were reported by BitDefender. The addon manager is blocked and random reboots
                                  occur. Every time I try to answer you the page disappears (I'm typing on Notepad) then a dialog
                                  box appears with several choices, reboot, print, several others, probably not a real windows
                                  message. Antivirus tools on the desktop disappear after a short time. I know all this isn't
                                  a computer malfunction, and if anyone has an idea what's going on, I'd sure like to hear it.
                                  I really appreciate your help Dave and hope you have more ideas for me. This all began when
                                  I went to a web page, SM-bus.driver manager.com, a tool bar of some sort loaded and I can't
                                  open the add-on manager to remove it. Help!


                                  SuperDave

                                  • Malware Removal Specialist
                                  • Moderator


                                  • Genius
                                  • Thanked: 1020
                                  • Certifications: List
                                  • Experience: Expert
                                  • OS: Windows 10
                                  Re: Three day old laptop has bios malware.
                                  « Reply #26 on: November 29, 2012, 04:31:37 PM »
                                  Download OTL to your desktop.

                                  * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
                                  * When the window appears, underneath Output at the top change it to Minimal Output.
                                  * Check the boxes beside LOP Check and Purity Check.
                                  * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

                                  When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

                                  Please copy and paste the contents of these files, one at a time, into your next reply.

                                  Note: You may need two or more posts to fit them all in.
                                  Windows 8 and Windows 10 dual boot with two SSD's

                                  Valorus

                                    Topic Starter


                                    Beginner

                                    • Experience: Familiar
                                    • OS: Windows 7
                                    Re: Three day old laptop has bios malware.
                                    « Reply #27 on: November 29, 2012, 09:48:46 PM »
                                    Here they are Dave:

                                    OTL Extras logfile created on: 11/29/2012 8:42:32 PM - Run 1
                                    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Norm 2\Downloads
                                    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
                                    Internet Explorer (Version = 9.0.8112.16421)
                                    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                     
                                    7.90 Gb Total Physical Memory | 5.47 Gb Available Physical Memory | 69.28% Memory free
                                    15.79 Gb Paging File | 13.24 Gb Available in Paging File | 83.85% Paging File free
                                    Paging file location(s): ?:\pagefile.sys [binary data]
                                     
                                    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
                                    Drive C: | 684.96 Gb Total Space | 559.56 Gb Free Space | 81.69% Space Free | Partition Type: NTFS
                                     
                                    Computer Name: NORM2-PC | User Name: Norm 2 | Logged in as Administrator.
                                    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
                                    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                     
                                    ========== Extra Registry (SafeList) ==========
                                     
                                     
                                    ========== File Associations ==========
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
                                    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
                                    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
                                    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
                                     
                                    [HKEY_USERS\S-1-5-21-800581336-4103718171-1207583122-1000\SOFTWARE\Classes\<extension>]
                                    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
                                     
                                    ========== Shell Spawning ==========
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                    batfile [open] -- "%1" %*
                                    cmdfile [open] -- "%1" %*
                                    comfile [open] -- "%1" %*
                                    exefile [open] -- "%1" %*
                                    helpfile [open] -- Reg Error: Key error.
                                    htmlfile [edit] -- Reg Error: Key error.
                                    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
                                    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
                                    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
                                    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
                                    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                                    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
                                    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
                                    piffile [open] -- "%1" %*
                                    regfile [merge] -- Reg Error: Key error.
                                    scrfile [config] -- "%1"
                                    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                                    scrfile [open] -- "%1" /S
                                    txtfile [edit] -- Reg Error: Key error.
                                    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                                    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                                    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                    Folder [explore] -- Reg Error: Value error.
                                    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
                                    batfile [open] -- "%1" %*
                                    cmdfile [open] -- "%1" %*
                                    comfile [open] -- "%1" %*
                                    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
                                    exefile [open] -- "%1" %*
                                    helpfile [open] -- Reg Error: Key error.
                                    htmlfile [edit] -- Reg Error: Key error.
                                    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
                                    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
                                    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
                                    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
                                    piffile [open] -- "%1" %*
                                    regfile [merge] -- Reg Error: Key error.
                                    scrfile [config] -- "%1"
                                    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
                                    scrfile [open] -- "%1" /S
                                    txtfile [edit] -- Reg Error: Key error.
                                    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
                                    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
                                    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                    Folder [explore] -- Reg Error: Value error.
                                    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
                                     
                                    ========== Security Center Settings ==========
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                    "cval" = 1
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                                    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
                                    "AntiVirusOverride" = 0
                                    "AntiSpywareOverride" = 0
                                    "FirewallOverride" = 0
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
                                     
                                    ========== System Restore Settings ==========
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
                                    "DisableSR" = 0
                                     
                                    ========== Firewall Settings ==========
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
                                    "EnableFirewall" = 1
                                    "DisableNotifications" = 0
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
                                    "EnableFirewall" = 1
                                    "DisableNotifications" = 0
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
                                    "EnableFirewall" = 1
                                    "DisableNotifications" = 0
                                     
                                    ========== Authorized Applications List ==========
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
                                     
                                     
                                    ========== Vista Active Open Ports Exception List ==========
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                                    "{06F92F80-CF78-43EB-A287-170EA6034E71}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
                                    "{9080C328-E6E6-4C62-9143-9AB278287452}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
                                     
                                    ========== Vista Active Application Exception List ==========
                                     
                                    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
                                    "{1E264C30-2967-4FA4-8615-23F7C0CB4FDC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
                                    "{80DA7B1D-4185-4CCA-A166-6822AF9F825E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
                                    "{B4DD8B99-0AA4-4A58-8A97-B5EA18D6B667}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
                                    "{BAAD24E7-1B3E-450B-99C9-BD00839D4250}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
                                    "{E70D66C1-D0CD-4DCA-9448-752CC6396BEF}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
                                    "TCP Query User{DF3A0A7B-0D18-4F81-AB93-197C28BA8862}C:\users\norm 2\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\norm 2\appdata\local\akamai\netsession_win.exe |
                                    "UDP Query User{4801D4A9-DBC2-4C1A-A97B-E4BC92D982FD}C:\users\norm 2\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\norm 2\appdata\local\akamai\netsession_win.exe |
                                     
                                    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
                                     
                                    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                    "{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Intel® PROSet/Wireless WiFi Software
                                    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
                                    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
                                    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
                                    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
                                    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
                                    "{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed
                                    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
                                    "{E62381A7-B1C1-4121-8262-84D38C77786C}" = COMODO Internet Security
                                    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
                                    "{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}" = Intel(R) WiDi
                                    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
                                    "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
                                    "Bitdefender" = Bitdefender Antivirus Plus 2013
                                    "HitmanPro36" = HitmanPro 3.6
                                    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
                                    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
                                     
                                    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
                                    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
                                    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
                                    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
                                    "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
                                    "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
                                    "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
                                    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
                                    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
                                    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
                                    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
                                    "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
                                    "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
                                    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
                                    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
                                    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
                                    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
                                    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
                                    "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
                                    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
                                    "{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = Dell Mobile Broadband Utility
                                    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
                                    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
                                    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
                                    "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
                                    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
                                    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
                                    "{E21161DD-05A2-42ED-A0EC-9C1393F51A64}" = GeekBuddy
                                    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
                                    "{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
                                    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
                                    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
                                    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
                                    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
                                    "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
                                    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
                                    "Comodo Dragon" = Comodo Dragon
                                    "Dell Mobile Broadband Utility" = Dell Mobile Broadband Utility
                                    "Google Chrome" = Google Chrome
                                    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
                                    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
                                    "WinLiveSuite" = Windows Live Essentials
                                     
                                    ========== HKEY_USERS Uninstall List ==========
                                     
                                    [HKEY_USERS\S-1-5-21-800581336-4103718171-1207583122-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
                                    "9204f5692a8faf3b" = Dell System Detect
                                    "Akamai" = Akamai NetSession Interface
                                     
                                    ========== Last 20 Event Log Errors ==========
                                     
                                    [ Application Events ]
                                    Error - 11/28/2012 11:54:07 PM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\Desktop\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 9:33:49 AM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\Desktop\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 9:33:49 AM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\Desktop\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 9:33:57 AM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\Desktop\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 9:45:55 AM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\Downloads\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 11:24:29 AM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
                                     Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
                                     .  A component version required by the application conflicts with another component
                                     version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 11:54:19 AM | Computer Name = Norm2-PC | Source = WinMgmt | ID = 10
                                    Description =
                                     
                                    Error - 11/29/2012 10:27:23 PM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\Documents\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 10:30:58 PM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\Users\Norm 2\AppData\Local\Microsoft\Windows\Burn\Burn\esetsmartinstaller_enu.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    Error - 11/29/2012 10:36:49 PM | Computer Name = Norm2-PC | Source = SideBySide | ID = 16842832
                                    Description = Activation context generation failed for "C:\$RECYCLE.BIN\S-1-5-21-800581336-4103718171-1207583122-1000\$RNNIJK7.exe".Error
                                     in manifest or policy file "" on line .  A component version required by the application
                                     conflicts with another component version already active.  Conflicting components
                                    are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
                                    Component
                                     2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
                                     
                                    [ System Events ]
                                    Error - 11/27/2012 7:48:50 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7030
                                    Description = The PEVSystemStart service is marked as an interactive service.  However,
                                     the system is configured to not allow interactive services.  This service may not
                                     function properly.
                                     
                                    Error - 11/27/2012 7:56:03 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7030
                                    Description = The PEVSystemStart service is marked as an interactive service.  However,
                                     the system is configured to not allow interactive services.  This service may not
                                     function properly.
                                     
                                    Error - 11/27/2012 8:01:49 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7034
                                    Description = The MBAMService service terminated unexpectedly.  It has done this
                                     1 time(s).
                                     
                                    Error - 11/27/2012 8:11:46 PM | Computer Name = Norm2-PC | Source = EventLog | ID = 6008
                                    Description = The previous system shutdown at 4:10:07 PM on ?11/?27/?2012 was unexpected.
                                     
                                    Error - 11/27/2012 8:28:25 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7030
                                    Description = The PEVSystemStart service is marked as an interactive service.  However,
                                     the system is configured to not allow interactive services.  This service may not
                                     function properly.
                                     
                                    Error - 11/27/2012 8:29:58 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7030
                                    Description = The PEVSystemStart service is marked as an interactive service.  However,
                                     the system is configured to not allow interactive services.  This service may not
                                     function properly.
                                     
                                    Error - 11/28/2012 1:06:45 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7034
                                    Description = The Intel(R) PROSet/Wireless Zero Configuration Service service terminated
                                     unexpectedly.  It has done this 1 time(s).
                                     
                                    Error - 11/28/2012 7:44:21 PM | Computer Name = Norm2-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
                                    Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\System32\IWMSSvc.dll
                                    Error
                                     Code: 21 
                                     
                                    Error - 11/28/2012 7:51:11 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7030
                                    Description = The PEVSystemStart service is marked as an interactive service.  However,
                                     the system is configured to not allow interactive services.  This service may not
                                     function properly.
                                     
                                    Error - 11/28/2012 7:52:52 PM | Computer Name = Norm2-PC | Source = Service Control Manager | ID = 7030
                                    Description = The PEVSystemStart service is marked as an interactive service.  However,
                                     the system is configured to not allow interactive services.  This service may not
                                     function properly.
                                     
                                     
                                    < End of report >

                                    Valorus

                                      Re: Three day old laptop has bios malware.
                                      « Reply #28 on: November 29, 2012, 09:59:42 PM »
                                      And here:

                                      OTL logfile created on: 11/29/2012 8:42:32 PM - Run 1
                                      OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Norm 2\Downloads
                                      64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
                                      Internet Explorer (Version = 9.0.8112.16421)
                                      Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
                                       
                                      7.90 Gb Total Physical Memory | 5.47 Gb Available Physical Memory | 69.28% Memory free
                                      15.79 Gb Paging File | 13.24 Gb Available in Paging File | 83.85% Paging File free
                                      Paging file location(s): ?:\pagefile.sys [binary data]
                                       
                                      %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
                                      Drive C: | 684.96 Gb Total Space | 559.56 Gb Free Space | 81.69% Space Free | Partition Type: NTFS
                                       
                                      Computer Name: NORM2-PC | User Name: Norm 2 | Logged in as Administrator.
                                      Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
                                      Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
                                       
                                      ========== Processes (SafeList) ==========
                                       
                                      PRC - C:\Users\Norm 2\Downloads\OTL.exe (OldTimer Tools)
                                      PRC - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
                                      PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
                                      PRC - C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
                                      PRC - C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
                                      PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
                                      PRC - C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
                                      PRC - C:\Users\Norm 2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
                                      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
                                      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
                                      PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
                                      PRC - C:\Program Files (x86)\WSED\WSED.exe (Dell)
                                       
                                       
                                      ========== Modules (No Company Name) ==========
                                       
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c07aa49ffd41a39bffaf653289f44038\CustomMarshalers.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
                                      MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppgooglenaclpluginchrome.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\libglesv2.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\libegl.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\avutil-51.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\avformat-54.dll ()
                                      MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\avcodec-54.dll ()
                                      MOD - C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll ()
                                      MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
                                      MOD - C:\Windows\SysWOW64\EMSC.DLL ()
                                       
                                       
                                      ========== Services (SafeList) ==========
                                       
                                      SRV:64bit: - (HitmanProScheduler) -- C:\Program Files\HitmanPro\hmpsched.exe (SurfRight B.V.)
                                      SRV:64bit: - (UPDATESRV) -- C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (Bitdefender)
                                      SRV:64bit: - (VSSERV) -- C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (Bitdefender)
                                      SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
                                      SRV:64bit: - (ZeroConfigService) -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation)
                                      SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
                                      SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
                                      SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
                                      SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
                                      SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
                                      SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
                                      SRV - (DragonUpdater) -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe ()
                                      SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
                                      SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
                                      SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
                                      SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
                                      SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
                                      SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
                                      SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
                                      SRV - (NvtlService) -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe ()
                                      SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
                                      SRV - (sprtsvc_DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
                                       
                                       
                                      ========== Driver Services (SafeList) ==========
                                       
                                      DRV:64bit: - (BDSandBox) -- C:\Windows\SysNative\drivers\bdsandbox.sys (BitDefender SRL)
                                      DRV:64bit: - (trufos) -- C:\Windows\SysNative\drivers\trufos.sys (BitDefender S.R.L.)
                                      DRV:64bit: - (avckf) -- C:\Windows\SysNative\drivers\avckf.sys (BitDefender)
                                      DRV:64bit: - (avc3) -- C:\Windows\SysNative\drivers\avc3.sys (BitDefender)
                                      DRV:64bit: - (gzflt) -- C:\Windows\SysNative\drivers\gzflt.sys (BitDefender LLC)
                                      DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
                                      DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
                                      DRV:64bit: - (XHCIPort) -- C:\Windows\SysNative\drivers\xHCIPort.sys (Windows (R) Win 7 DDK provider)
                                      DRV:64bit: - (usb3Hub) -- C:\Windows\SysNative\drivers\usb3Hub.sys (Windows (R) Win 7 DDK provider)
                                      DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
                                      DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
                                      DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation)
                                      DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
                                      DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
                                      DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
                                      DRV:64bit: - (avchv) -- C:\Windows\SysNative\drivers\avchv.sys (BitDefender)
                                      DRV:64bit: - (bdfwfpf) -- C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys (BitDefender LLC)
                                      DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
                                      DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
                                      DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
                                      DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
                                      DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
                                      DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
                                      DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
                                      DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
                                      DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
                                      DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
                                      DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
                                      DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
                                      DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
                                      DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
                                      DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
                                      DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
                                      DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
                                      DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
                                      DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
                                      DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
                                       
                                       
                                      ========== Standard Registry (SafeList) ==========
                                       
                                       
                                      ========== Internet Explorer ==========
                                       
                                      IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
                                      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                                      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                                      IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
                                      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
                                      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
                                      IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                                      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
                                      IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
                                       
                                       
                                      IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                                      IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
                                      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                       
                                      IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                                      IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
                                      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                       
                                      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
                                       
                                      IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
                                       
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 91 F5 77 2C CC CD 01  [binary data]
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS511
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
                                      IE - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
                                       
                                       
                                      ========== FireFox ==========
                                       
                                      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
                                      FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
                                      FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
                                      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
                                      FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
                                       
                                       
                                       
                                      ========== Chrome  ==========
                                       
                                      CHR - homepage:
                                      CHR - default_search_provider: Google (Enabled)
                                      CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
                                      CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
                                      CHR - homepage:
                                      CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\PepperFlash\pepflashplayer.dll
                                      CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
                                      CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll
                                      CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.91\pdf.dll
                                      CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
                                      CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
                                      CHR - Extension: Google Drive = C:\Users\Norm 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
                                      CHR - Extension: YouTube = C:\Users\Norm 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
                                      CHR - Extension: Google Search = C:\Users\Norm 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
                                      CHR - Extension: Gmail = C:\Users\Norm 2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
                                       
                                      O1 HOSTS File: ([2012/11/26 12:45:23 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
                                      O1 - Hosts: 127.0.0.1       localhost
                                      O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
                                      O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll (Google Inc.)
                                      O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
                                      O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
                                      O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
                                      O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
                                      O3:64bit: - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
                                      O4:64bit: - HKLM..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe (Bitdefender)
                                      O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
                                      O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
                                      O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
                                      O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
                                      O4 - HKLM..\Run: []  File not found
                                      O4 - HKLM..\Run: [WSED] C:\Program Files (x86)\WSED\WSED.exe (Dell)
                                      O4 - HKU\S-1-5-21-800581336-4103718171-1207583122-1000..\Run: [Akamai NetSession Interface] C:\Users\Norm 2\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
                                      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
                                      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
                                      O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O7 - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
                                      O13 - gopher Prefix: missing
                                      O15 - HKU\S-1-5-21-800581336-4103718171-1207583122-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
                                      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30861252-112E-48F6-8630-6E25E8AA6A2C}: NameServer = 8.26.56.26,156.154.70.22
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{394E9F84-92E2-4F00-B847-65EB4B9B8137}: DhcpNameServer = 192.168.1.1
                                      O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{394E9F84-92E2-4F00-B847-65EB4B9B8137}: NameServer = 8.26.56.26,156.154.70.22
                                      O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
                                      O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
                                      O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
                                      O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
                                      O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
                                      O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
                                      O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
                                      O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
                                      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
                                      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
                                      O32 - HKLM CDRom: AutoRun - 1
                                      O34 - HKLM BootExecute: (autocheck autochk *)
                                      O35:64bit: - HKLM\..comfile [open] -- "%1" %*
                                      O35:64bit: - HKLM\..exefile [open] -- "%1" %*
                                      O35 - HKLM\..comfile [open] -- "%1" %*
                                      O35 - HKLM\..exefile [open] -- "%1" %*
                                      O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
                                      O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
                                      O37 - HKLM\...com [@ = ComFile] -- "%1" %*
                                      O37 - HKLM\...exe [@ = exefile] -- "%1" %*
                                      O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
                                      O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
                                      O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
                                       
                                      ========== Files/Folders - Created Within 30 Days ==========
                                       
                                      [2012/11/29 18:13:39 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\Desktop\httpdownload.comodo.comlps4lps-gb-x86.msi
                                      [2012/11/29 18:12:38 | 000,000,000 | ---D | C] -- C:\AV Tools
                                      [2012/11/29 18:12:02 | 000,000,000 | ---D | C] -- C:\httpdownload.comodo.comlps4lps-gb-x86.msi
                                      [2012/11/28 19:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
                                      [2012/11/28 16:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
                                      [2012/11/28 16:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
                                      [2012/11/28 16:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
                                      [2012/11/28 16:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
                                      [2012/11/28 16:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
                                      [2012/11/28 16:27:00 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Local\Comodo
                                      [2012/11/28 16:26:43 | 000,054,024 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysNative\certsentry.dll
                                      [2012/11/28 16:26:43 | 000,045,832 | ---- | C] (COMODO CA Limited) -- C:\Windows\SysWow64\certsentry.dll
                                      [2012/11/28 16:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
                                      [2012/11/28 16:26:38 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
                                      [2012/11/28 16:26:38 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
                                      [2012/11/28 16:21:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
                                      [2012/11/28 16:02:21 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
                                      [2012/11/28 12:20:31 | 000,000,000 | ---D | C] -- C:\Rooter$
                                      [2012/11/27 10:53:47 | 000,309,320 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysWow64\drivers\TrufosAlt.sys
                                      [2012/11/27 10:53:47 | 000,287,304 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\SysNative\drivers\TrufosAlt.sys
                                      [2012/11/27 09:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
                                      [2012/11/27 07:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
                                      [2012/11/27 07:24:19 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
                                      [2012/11/27 07:24:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
                                      [2012/11/26 22:44:27 | 000,000,000 | ---D | C] -- C:\bd_logs
                                      [2012/11/26 18:42:51 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
                                      [2012/11/26 18:42:51 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
                                      [2012/11/26 18:42:18 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
                                      [2012/11/26 18:42:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
                                      [2012/11/26 18:42:12 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
                                      [2012/11/26 18:42:10 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
                                      [2012/11/26 18:42:09 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
                                      [2012/11/26 18:42:07 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
                                      [2012/11/26 18:42:01 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
                                      [2012/11/26 14:34:36 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Roaming\Malwarebytes
                                      [2012/11/26 14:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
                                      [2012/11/26 14:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
                                      [2012/11/26 14:34:26 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
                                      [2012/11/26 14:34:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
                                      [2012/11/26 13:00:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
                                      [2012/11/26 12:40:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
                                      [2012/11/26 12:40:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
                                      [2012/11/26 12:40:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
                                      [2012/11/26 12:36:44 | 000,000,000 | ---D | C] -- C:\Qoobox
                                      [2012/11/26 12:36:18 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
                                      [2012/11/26 11:42:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
                                      [2012/11/26 11:42:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
                                      [2012/11/26 11:09:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
                                      [2012/11/26 11:09:28 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
                                      [2012/11/26 11:09:28 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
                                      [2012/11/26 11:09:28 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
                                      [2012/11/26 11:09:28 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
                                      [2012/11/26 11:09:28 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
                                      [2012/11/26 11:09:28 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
                                      [2012/11/26 11:09:28 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
                                      [2012/11/26 11:09:28 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
                                      [2012/11/26 11:09:28 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
                                      [2012/11/26 11:09:28 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
                                      [2012/11/26 11:09:28 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
                                      [2012/11/26 11:09:28 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
                                      [2012/11/26 11:09:28 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
                                      [2012/11/26 11:09:28 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
                                      [2012/11/26 11:09:28 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
                                      [2012/11/26 11:09:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
                                      [2012/11/26 11:09:28 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
                                      [2012/11/26 11:09:28 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
                                      [2012/11/26 11:09:28 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
                                      [2012/11/26 11:09:28 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
                                      [2012/11/26 11:09:28 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
                                      [2012/11/26 11:09:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
                                      [2012/11/26 11:09:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
                                      [2012/11/26 11:09:28 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
                                      [2012/11/26 11:09:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
                                      [2012/11/26 11:09:28 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
                                      [2012/11/26 11:09:28 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
                                      [2012/11/26 11:09:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
                                      [2012/11/26 11:09:28 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
                                      [2012/11/26 11:09:28 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
                                      [2012/11/26 11:09:28 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
                                      [2012/11/26 11:09:28 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
                                      [2012/11/26 11:09:28 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
                                      [2012/11/26 11:09:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
                                      [2012/11/26 11:09:28 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
                                      [2012/11/26 11:09:28 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
                                      [2012/11/26 11:09:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
                                      [2012/11/26 11:09:28 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
                                      [2012/11/26 11:09:28 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
                                      [2012/11/26 11:09:28 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
                                      [2012/11/26 11:09:28 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
                                      [2012/11/26 11:09:28 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
                                      [2012/11/26 11:09:28 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
                                      [2012/11/26 11:09:28 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
                                      [2012/11/26 11:09:28 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
                                      [2012/11/26 11:09:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
                                      [2012/11/26 11:09:28 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
                                      [2012/11/26 11:09:28 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
                                      [2012/11/26 11:09:28 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
                                      [2012/11/26 11:09:28 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
                                      [2012/11/26 11:09:28 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
                                      [2012/11/26 11:09:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
                                      [2012/11/26 11:09:28 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
                                      [2012/11/26 11:09:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
                                      [2012/11/26 11:09:28 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
                                      [2012/11/26 11:09:28 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
                                      [2012/11/26 11:09:28 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
                                      [2012/11/26 11:09:28 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
                                      [2012/11/26 11:09:28 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
                                      [2012/11/26 11:09:28 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
                                      [2012/11/26 11:09:28 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
                                      [2012/11/26 11:09:28 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
                                      [2012/11/26 11:09:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
                                      [2012/11/26 11:09:28 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
                                      [2012/11/26 11:09:28 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
                                      [2012/11/26 11:09:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
                                      [2012/11/26 11:09:28 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
                                      [2012/11/26 11:09:28 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
                                      [2012/11/26 11:09:28 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
                                      [2012/11/26 11:09:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
                                      [2012/11/26 11:09:28 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
                                      [2012/11/26 08:31:07 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
                                      [2012/11/26 08:31:07 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
                                      [2012/11/26 08:31:07 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
                                      [2012/11/26 08:31:07 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
                                      [2012/11/26 08:22:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
                                      [2012/11/26 08:22:50 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
                                      [2012/11/25 17:26:38 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Local\Intel
                                      [2012/11/25 17:25:45 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Roaming\Intel WiDi
                                      [2012/11/25 17:25:44 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Local\Intel WiDi
                                      [2012/11/25 17:23:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
                                      [2012/11/25 17:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
                                      [2012/11/25 09:42:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
                                      [2012/11/25 09:42:07 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
                                      [2012/11/25 09:41:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
                                      [2012/11/25 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Roaming\Windows Live Writer
                                      [2012/11/25 08:49:45 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Local\Windows Live Writer
                                      [2012/11/25 08:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
                                      [2012/11/25 08:44:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
                                      [2012/11/25 08:44:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
                                      [2012/11/25 08:36:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
                                      [2012/11/25 08:26:26 | 000,000,000 | ---D | C] -- C:\Users\Norm 2\AppData\Local\Windows Live
                                      [2012/11/25 08:25:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
                                      [2012/11/25 07:40:59 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
                                      [2012/11/25 07:40:59 | 000,073,656 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
                                      [2012/11/25 07:40:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
                                      [2012/11/25 07:40:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
                                      [2012/11/25 07:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
                                      [2012/11/25 07:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
                                      [2012/11/25 07:22:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
                                      [2012/11/25 07:22:39 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
                                      [2012/11/25 07:22:39 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
                                      [2012/11/25 07:22:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
                                      [2012/11/25 07:22:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
                                      [2012/11/25 07:22:39 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
                                      [2012/11/25 07:22:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
                                      [2012/11/25 07:22:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
                                      [2012/11/25 07:22:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
                                      [2012/11/25 07:22:39 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
                                      [2012/11/25 07:22:38 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
                                      [2012/11/25 07:22:36 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
                                      [2012/11/25 07:22:35 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
                                      [2012/11/25 07:22:34 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
                                      [2012/11/25 07:22:34 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
                                      [2012/11/25 07:22:34 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
                                      [2012/11/25 07:22:31 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
                                      [2012/11/25 07:22:31 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
                                      [2012/11/25 07:22:29 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
                                      [2012/11/25 07:22:29 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
                                      [2012/11/25 07:22:29 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
                                      [2012/11/25 07:22:29 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
                                      [2012/11/25 07:22:29 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
                                      [2012/11/25 07:22:29 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
                                      [2012/11/25 07:22:27 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
                                      [2012/11/25 07:22:27 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
                                      [2012/11/25 07:22:27 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
                                      [2012/11/25 07:22:26 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
                                      [2012/11/25 07:22:18 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
                                      [2012/11/25 07:22:17 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
                                      [2012/11/25 07:22:16 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
                                      [2012/11/25 07:22:16 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
                                      [2012/11/25 07:22:16 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
                                      [2012/11/25 07:22:16 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
                                      [2012/11/25 07:22:16 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
                                      [2012/11/25 07:22:16 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
                                      [2012/11/25 07:22:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
                                      [2012/11/25 07:22:16 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
                                      [2012/11/25 07:22:16 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
                                      [2012/11/25 07:22:16 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
                                      [2012/11/25 07:22:16 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
                                      [2012/11/25 07:22:16 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
                                      [2012/11/25 07:22:13 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
                                      [2012/11/25 07:22:13 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
                                      [2012/11/25 07:22:13 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
                                      [2012/11/25 07:22:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
                                      [2012/11/25 07:22:13 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
                                      [2012/11/25 07:22:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
                                      [2012/11/25 07:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
                                      [2012/11/25 07:22:11 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
                                      [2012/11/25 07:22:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
                                      [2012/11/25 07:22:09 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
                                      [2012/11/25 07:22:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
                                      [2012/11/25 07:22:08 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
                                      [2012/11/25 07:22:08 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
                                      [2012/11/25 07:22:02 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
                                      [2012/11/25 07:22:02 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
                                      [2012/11/25 07:22:00 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
                                      [2012/11/25 07:22:00 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
                                      [2012/11/25 07:22:00 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
                                      [2012/11/25 07:21:53 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
                                      [2012/11/25 07:21:52 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
                                      [2012/11/25 07:21:52 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
                                      [2012/11/25 07:21:52 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
                                      [2012/11/25 07:21:48 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
                                      [2012/11/25 07:21:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
                                      [2012/11/25 07:21:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
                                      [2012/11/25 07:21:48 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
                                      [2012/11/25 07:21:48 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
                                      [2012/11/25 07:21:48 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
                                      [2012/11/25 07:21:47 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
                                      [2012/11/25 07:21:47 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
                                      [2012/11/25 07:21:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
                                      [2012/11/25 07:21:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
                                      [2012/11/25 07:21:47 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
                                      [2012/11/25 07:21:47 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
                                      [2012/11/25 07:21:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
                                      [2012/11/25 07:21:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
                                      [2012/11/25 07:21:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
                                      [2012/11/25 07:21:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
                                      [2012/11/25 07:21:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
                                      [2012/11/25 07:21:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
                                      [2012/11/25 07:21:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
                                      [2012/11/25 07:21:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
                                      [2012/11/25 07:21:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
                                      [2012/11/25 07:21:41 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
                                      [2012/11/25 07:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
                                      [2012/11/25 07:21:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
                                      [2012/11/25 07:21:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
                                      [2012/11/25 07:21:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
                                      [2012/11/25 07:21:07 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
                                      [2012/11/25 07:21:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
                                      [2012/11/25 07:21:05 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
                                      [2012/11/25 07:21:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
                                      [2012/11/25 07:21:03 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
                                      [2012/11/25 07:21:02 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
                                      [2012/11/25 07:21:02 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
                                      [2012/11/25 07:21:02 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
                                      [2012/11/25 07:21:02 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
                                      [2012/11/25 07:21:02 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
                                      [2012/11/25 07:21:02 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
                                      [2012/11/25 07:20:59 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
                                      [2012/11/25 07:20:59 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
                                      [2012/11/25 07:20:59 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
                                      [2012/11/25 07:20:59 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
                                      [2012/11/25 07:20:59 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
                                      [2012/11/25 07:20:59 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
                                      [2012/11/25 07:20:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
                                      [2012/11/25 07:20:58 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
                                      [2012/11/25 07:20:55 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
                                      [2012/11/25 07:19:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
                                      [2012/11/25 07:19:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
                                      [2012/11/25 07:19:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

                                      SuperDave

                                      • Malware Removal Specialist
                                      • Moderator


                                      • Genius
                                      • Thanked: 1020
                                      • Certifications: List
                                      • Experience: Expert
                                      • OS: Windows 10
                                      Re: Three day old laptop has bios malware.
                                      « Reply #29 on: November 30, 2012, 04:44:32 PM »
                                      Ok. We'll have to try something drastic.

                                      Download Farbar Recovery Scan Tool and save it to a flash drive.

                                      Please make sure to download the 64-bit version.

                                      Plug the flash drive into the infected PC.

                                      Enter System Recovery Options.

                                      To enter System Recovery Options from the Advanced Boot Options:
                                      • Restart the computer.
                                      • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
                                      • Use the arrow keys to select the Repair your computer menu item.
                                      • Choose your language settings, and then click Next.
                                      • Select the operating system you want to repair, and then click Next.
                                      • Select your user account and click Next.
                                      To enter System Recovery Options by using Windows installation disc:
                                      • Insert the installation disc.
                                      • Restart your computer.
                                      • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
                                      • Click Repair your computer.
                                      • Choose your language settings, and then click Next.
                                      • Select the operating system you want to repair, and then click Next.
                                      • Select your user account and click Next.
                                      On the System Recovery Options menu you will get the following options:
                                        Startup Repair
                                        System Restore
                                        Windows Complete PC Restore
                                        Windows Memory Diagnostic Tool
                                        Command Prompt

                                        • Select Command Prompt
                                        • In the command window type in notepad and press Enter.
                                        • The notepad opens. Under File menu select Open.
                                        • Select "Computer" and find your flash drive letter and close the notepad.
                                        • In the command window type e:\frst64 and press Enter
                                          Note: Replace letter e with the drive letter of your flash drive.
                                        • The tool will start to run.
                                        • When the tool opens click Yes to the disclaimer.
                                        • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
                                        • Press the Scan button.
                                        • Type exit and reboot the computer normally.
                                        • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
                                        Windows 8 and Windows 10 dual boot with two SSD's

                                        Valorus

                                          Topic Starter


                                          Beginner

                                          • Experience: Familiar
                                          • OS: Windows 7
                                          Re: Three day old laptop has bios malware.
                                          « Reply #30 on: December 01, 2012, 10:23:19 AM »
                                          It was a disaster, Dave. Repair was slooow, system restore gave error msg 0800700b7, it rebooted
                                          in the middle of restore, then wouldn't recognize the flash drive. I did do a scan in Windows, if that
                                          would do any good.

                                          Valorus

                                            Topic Starter


                                            Beginner

                                            • Experience: Familiar
                                            • OS: Windows 7
                                            Re: Three day old laptop has bios malware.
                                            « Reply #31 on: December 01, 2012, 10:44:28 AM »
                                            Here's a new ComboFix file FWIW:
                                            ComboFix 12-11-27.01 - Norm 2 12/01/2012   9:35.10.4 - x64
                                            Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8086.6429 [GMT -8:00]
                                            Running from: c:\users\Norm 2\Desktop\ComboFix.exe
                                            AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
                                            SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
                                            SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                                            .
                                            .
                                            (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
                                            .
                                            .
                                            c:\programdata\1354379020.bdinstall.bin
                                            c:\users\Norm 2\GoToAssistDownloadHelper.exe
                                            .
                                            .
                                            2012-10-10 10:22 . 2012-10-10 10:22   431104   ----a-w-   c:\windows\system32\igfxrkor.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   410624   ----a-w-   c:\windows\system32\igfxTMM.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   12836864   ----a-w-   c:\windows\system32\igd10umd64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   110592   ----a-w-   c:\windows\system32\hccutils.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   330240   ----a-w-   c:\windows\SysWow64\igfxdv32.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   12604416   ----a-w-   c:\windows\system32\igdumd64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   441888   ----a-w-   c:\windows\system32\igfxpers.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrhrv.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   438272   ----a-w-   c:\windows\system32\igfxrcsy.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   25088   ----a-w-   c:\windows\SysWow64\igfxexps32.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   9007616   ----a-w-   c:\windows\system32\igfxress.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   63488   ----a-w-   c:\windows\system32\igfxsrvc.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   5343584   ----a-w-   c:\windows\system32\drivers\igdkmd64.sys
                                            2012-10-10 10:22 . 2012-10-10 10:22   448512   ----a-w-   c:\windows\SysWow64\igfx11cmrt32.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   441856   ----a-w-   c:\windows\system32\igfxdev.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrnld.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   399392   ----a-w-   c:\windows\system32\hkcmd.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   272928   ----a-w-   c:\windows\system32\igvpkrng600.bin
                                            2012-10-10 10:22 . 2012-10-10 10:22   126976   ----a-w-   c:\windows\system32\igfxcpl.cpl
                                            2012-10-10 10:22 . 2012-10-10 10:22   116224   ----a-w-   c:\windows\system32\igfxCoIn_v2867.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   604160   ----a-w-   c:\windows\SysWow64\igfxcmrt32.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   4571136   ----a-w-   c:\windows\system32\igfxcmjit64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   439808   ----a-w-   c:\windows\system32\igfxresn.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   439296   ----a-w-   c:\windows\system32\igfxrrom.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrsve.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrslv.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrnor.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   437248   ----a-w-   c:\windows\system32\igfxrdan.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   277024   ----a-w-   c:\windows\SysWow64\IntelCpHeciSvc.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   185376   ----a-w-   c:\windows\system32\difx64.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   173568   ----a-w-   c:\windows\system32\gfxSrvc.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   12887040   ----a-w-   c:\windows\system32\ig4icd64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   435712   ----a-w-   c:\windows\system32\igfxrheb.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   429056   ----a-w-   c:\windows\system32\igfxrcht.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   171040   ----a-w-   c:\windows\system32\igfxtray.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   11158528   ----a-w-   c:\windows\SysWow64\igd10umd32.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   94208   ----a-w-   c:\windows\system32\IccLibDll_x64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   509984   ----a-w-   c:\windows\system32\igfxsrvc.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   440320   ----a-w-   c:\windows\system32\igfxrell.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrptg.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrplk.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrita.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   438272   ----a-w-   c:\windows\system32\igfxrfin.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   437248   ----a-w-   c:\windows\system32\igfxrtha.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   428544   ----a-w-   c:\windows\system32\igfxrchs.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   286208   ----a-w-   c:\windows\system32\igfxrenu.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   142336   ----a-w-   c:\windows\system32\igfxdo.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   963452   ----a-w-   c:\windows\system32\igcodeckrng600.bin
                                            2012-10-10 10:22 . 2012-10-10 10:22   482304   ----a-w-   c:\windows\system32\igfx11cmrt64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   386048   ----a-w-   c:\windows\system32\igfxpph.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   524800   ----a-w-   c:\windows\system32\iglhsip64.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   438784   ----a-w-   c:\windows\system32\igfxrsky.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   435712   ----a-w-   c:\windows\system32\igfxrara.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   432128   ----a-w-   c:\windows\system32\igfxrjpn.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   28672   ----a-w-   c:\windows\system32\igfxexps.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   252448   ----a-w-   c:\windows\system32\igfxext.exe
                                            2012-10-10 10:22 . 2012-10-10 10:22   11040256   ----a-w-   c:\windows\SysWow64\igdumd32.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   9728   ----a-w-   c:\windows\system32\IGFXDEVLib.dll
                                            2012-10-10 10:22 . 2012-10-10 10:22   439808   ----a-w-   c:\windows\system32\igfxrfra.lrc
                                            2012-10-10 10:22 . 2012-10-10 10:22   437760   ----a-w-   c:\windows\system32\igfxrptb.lrc
                                            .
                                            .
                                            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
                                            .
                                            .
                                            *Note* empty entries & legit default entries are not shown
                                            REGEDIT4
                                            .
                                            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                            "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-25 39408]
                                            "Akamai NetSession Interface"="c:\users\Norm 2\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
                                            .
                                            [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
                                            "WSED"="c:\program files (x86)\WSED\WSED.exe" [2009-05-27 247080]
                                            .
                                            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                                            "ConsentPromptBehaviorAdmin"= 5 (0x5)
                                            "ConsentPromptBehaviorUser"= 3 (0x3)
                                            "EnableUIADesktopToggle"= 0 (0x0)
                                            .
                                            [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
                                            "LoadAppInit_DLLs"=1 (0x1)
                                            .
                                            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                                            @="Service"
                                            .
                                            R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
                                            R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-15 198144]
                                            R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys

                                            R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2012-08-10 35256]
                                            R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-06-26 272688]
                                            R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
                                            R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
                                            R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-26 1255736]
                                            S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-15 659976]
                                            S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-04-24 135952]
                                            S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
                                            S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-09-04 82432]
                                            S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-06-26 3325232]
                                            S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-15 198144]
                                            S3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2010-10-26 75264]
                                            S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-10-26 173568]
                                            S3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2010-10-26 81408]
                                            S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2012-08-10 25528]
                                            S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
                                            S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-09-14 95744]
                                            S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-09-14 212992]
                                            S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
                                            S3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys [2012-08-10 48096]
                                            S3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys [2012-08-10 188384]
                                            .
                                            .
                                            Contents of the 'Scheduled Tasks' folder
                                            .
                                            2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
                                            - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 15:40]
                                            .
                                            2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
                                            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 14:52]
                                            .
                                            2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
                                            - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 14:52]
                                            .
                                            .
                                            --------- X64 Entries -----------
                                            .
                                            .
                                            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                                            "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
                                            "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
                                            "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
                                            "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
                                            .
                                            ------- Supplementary Scan -------
                                            .
                                            uLocal Page = c:\windows\system32\blank.htm
                                            uStart Page = about:blank
                                            mStart Page = about:blank
                                            mLocal Page = c:\windows\SysWOW64\blank.htm
                                            uInternet Settings,ProxyOverride = <local>
                                            Trusted Zone: dell.com
                                            TCP: DhcpNameServer = 192.168.1.1
                                            TCP: Interfaces\{30861252-112E-48F6-8630-6E25E8AA6A2C}: NameServer = 8.26.56.26,156.154.70.22
                                            TCP: Interfaces\{394E9F84-92E2-4F00-B847-65EB4B9B8137}: NameServer = 8.26.56.26,156.154.70.22
                                            .
                                            - - - - ORPHANS REMOVED - - - -
                                            .
                                            Wow6432Node-HKLM-Run-<NO NAME> - (no file)
                                            .
                                            .
                                            .
                                            --------------------- LOCKED REGISTRY KEYS ---------------------
                                            .
                                            [HKEY_USERS\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
                                            @Denied: (2) (LocalSystem)
                                            "Progid"="WindowsLiveMail.Email.1"
                                            .
                                            [HKEY_USERS\S-1-5-21-800581336-4103718171-1207583122-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
                                            @Denied: (2) (LocalSystem)
                                            "Progid"="WindowsLiveMail.VCard.1"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                                            @Denied: (A 2) (Everyone)
                                            @="FlashBroker"
                                            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                                            "Enabled"=dword:00000001
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                                            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                                            @Denied: (A 2) (Everyone)
                                            @="IFlashBroker5"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                                            @="{00020424-0000-0000-C000-000000000046}"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                            "Version"="1.0"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
                                            @Denied: (A 2) (Everyone)
                                            @="FlashBroker"
                                            "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
                                            "Enabled"=dword:00000001
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
                                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
                                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
                                            @Denied: (A 2) (Everyone)
                                            @="Shockwave Flash Object"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
                                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
                                            "ThreadingModel"="Apartment"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
                                            @="0"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
                                            @="ShockwaveFlash.ShockwaveFlash.11"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
                                            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
                                            @="1.0"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                                            @="ShockwaveFlash.ShockwaveFlash"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
                                            @Denied: (A 2) (Everyone)
                                            @="Macromedia Flash Factory Object"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
                                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
                                            "ThreadingModel"="Apartment"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
                                            @="FlashFactory.FlashFactory.1"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
                                            @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
                                            @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
                                            @="1.0"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
                                            @="FlashFactory.FlashFactory"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
                                            @Denied: (A 2) (Everyone)
                                            @="IFlashBroker5"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
                                            @="{00020424-0000-0000-C000-000000000046}"
                                            .
                                            [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
                                            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
                                            "Version"="1.0"
                                            .
                                            [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
                                            @Denied: (Full) (Everyone)
                                            .
                                            Completion time: 2012-12-01  09:41:54
                                            ComboFix-quarantined-files.txt  2012-12-01 17:41
                                            ComboFix2.txt  2012-11-28 23:54
                                            ComboFix3.txt  2012-11-28 00:31
                                            ComboFix4.txt  2012-11-27 18:17
                                            ComboFix5.txt  2012-12-01 17:34
                                            .
                                            Pre-Run: 595,053,076,480 bytes free
                                            Post-Run: 594,967,019,520 bytes free
                                            .
                                            - - End Of File - - F6D68AD5A4BC977D1AB10D9C2FC5C7A5

                                            SuperDave

                                            • Malware Removal Specialist
                                            • Moderator


                                            • Genius
                                            • Thanked: 1020
                                            • Certifications: List
                                            • Experience: Expert
                                            • OS: Windows 10
                                            Re: Three day old laptop has bios malware.
                                            « Reply #32 on: December 01, 2012, 04:39:23 PM »
                                            Well, that sucks. The only thing I can think of doing is what Dave Lembke suggested; go back to Dell and tell them the computer is malfunctioning.
                                            Windows 8 and Windows 10 dual boot with two SSD's

                                            Valorus

                                              Re: Three day old laptop has bios malware.
                                              « Reply #33 on: December 01, 2012, 05:36:57 PM »
                                              OK Dave. Well it's been fun. Thanks a lot for all your time and effort.

                                              SuperDave

                                              Re: Three day old laptop has bios malware.
                                              « Reply #34 on: December 02, 2012, 12:00:15 PM »
                                              Quote
                                              OK Dave. Well it's been fun. Thanks a lot for all your time and effort.
                                              Please let me know how it turns out?
                                              Windows 8 and Windows 10 dual boot with two SSD's

                                              Valorus

                                                Re: Three day old laptop has bios malware.
                                                « Reply #35 on: December 13, 2012, 04:21:05 PM »
                                                Hi Dave;

                                                I got a new computer from Dell and a healthy dose of paranoia. I still have the old one that has malware imbedded in flash memory? I replaced the hard drive
                                                with a new one, replaced the ram and still have the virus. If you or anyone else has any ideas on how to begin, I'd sure appreciate it. Replacing the motherboard
                                                wouldn't really be cost effective and I hate to throw it away or strip it for parts. Any ideas, let me know. This is a Dell N7010, Win 7, i5 w/4GB ram.
                                                Thanks for all your help,

                                                Norm
                                                « Last Edit: December 13, 2012, 04:58:11 PM by Valorus »

                                                SuperDave

                                                Re: Three day old laptop has bios malware.
                                                « Reply #36 on: December 14, 2012, 12:17:32 PM »
                                                Quote
                                                I still have the old one that has malware imbedded in flash memory? I replaced the hard drive
                                                with a new one, replaced the ram and still have the virus.
                                                What makes you think you have malware? None of the scans indicate that possibility.
                                                Windows 8 and Windows 10 dual boot with two SSD's

                                                Valorus

                                                  Re: Three day old laptop has bios malware.
                                                  « Reply #37 on: December 14, 2012, 07:30:17 PM »
                                                  Hi Dave;

                                                  Well, to begin with, I'm unable to reinstall Win 7. It starts normally then slows gradually until it stops completely. Any USB or SD cards, no matter what's on
                                                  them read as though they're empty. The drivers associated with the wireless adapter are missing and any attempts to reinstall them fail. I'm not sure this
                                                  is in the bios, but it must be in flash memory somewhere. HDD reformatting, or even a new hard drive didn't get rid of whatever this is. I've tried Bitdefender,
                                                  Comodo and Avast (not at the same time), and they all fail during a scan. This isn't the three day old computer, Dell kindly took care of that, it's the one it replaced.
                                                  Disk wiping programs won't run on this machine, I have to use a clean one. I eventually used a new 200GB HDD with brand new memory and the virus was
                                                  still there, so I'm really at a loss. I don't want to take any more of your time and patience; from what we've done earlier I know enough to get myself
                                                  in serious trouble. Dell techs in India recommended I replace the motherboard, but I don't know if it's worth it.

                                                  Thanks for listening;

                                                  Norm 

                                                  SuperDave

                                                  Re: Three day old laptop has bios malware.
                                                  « Reply #38 on: December 15, 2012, 12:32:37 PM »
                                                  If it is, indeed, a BIOS infection, it's the first time I've run up against it. Please try running this scanner and post the log. Also, you can read more about such a problem as this here. They recommend downloading and installing a new BIOS.
                                                  Windows 8 and Windows 10 dual boot with two SSD's

                                                  Valorus

                                                    Re: Three day old laptop has bios malware.
                                                    « Reply #39 on: December 15, 2012, 12:52:05 PM »
                                                    I only called it a bios infection because it locked the security settings. I can't find a scanner.

                                                    SuperDave

                                                    Re: Three day old laptop has bios malware.
                                                    « Reply #40 on: December 15, 2012, 05:04:46 PM »
                                                    Sorry.
                                                    Malwarebytes' Anti-Rootkit

                                                    Please download Malwarebytes' Anti-Rootkit and save it to your desktop.
                                                    • Be sure to print out and follow the instructions provided on that same page for performing a scan.
                                                    • Caution: This is a beta version so also read the disclaimer and back up all your data before using.
                                                    • When the scan completes, click on the Cleanup button to remove any threats found and reboot the computer if prompted to do so.
                                                    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
                                                    • If there are problems with Internet access, Windows Update, Windows Firewall or other system issues, run the fixdamage tool located in the folder Malwarebytes Anti-Rootkit was run from and reboot your computer.
                                                    • Two files (mbar-log-YYYY-MM-DD, system-log.txt) will be created and saved within that same folder.
                                                    • Copy and paste the contents of these two log files in your next reply.
                                                    Windows 8 and Windows 10 dual boot with two SSD's

                                                    Valorus

                                                      Re: Three day old laptop has bios malware.
                                                      « Reply #41 on: December 15, 2012, 07:22:43 PM »
                                                      I replaced the bios and everything is "normal" now. Malwarebytes found nothing so I guess
                                                      this computer will be for the grandkids when they come, I won't be able to trust it for quite a while,
                                                      but at least it's running.
                                                      I can't thank you enough for all the time you put into this project, Dave. I can see how many
                                                      folks you're helping and don't know how you do it. I don't suppose you do plumbing?


                                                      Malwarebytes Anti-Rootkit 1.01.0.1011
                                                      www.malwarebytes.org

                                                      Database version: v2012.12.16.02

                                                      Windows 7 x64 FAT32
                                                      Internet Explorer 8.0.7600.16385
                                                      Norm orig :: NORMORIG-PC [administrator]

                                                      12/15/2012 6:22:10 PM
                                                      mbar-log-2012-12-15 (18-22-10).txt

                                                      Scan type: Quick scan
                                                      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
                                                      Scan options disabled:
                                                      Objects scanned: 41332
                                                      Time elapsed: 6 minute(s), 28 second(s)

                                                      Memory Processes Detected: 0
                                                      (No malicious items detected)

                                                      Memory Modules Detected: 0
                                                      (No malicious items detected)

                                                      Registry Keys Detected: 0
                                                      (No malicious items detected)

                                                      Registry Values Detected: 0
                                                      (No malicious items detected)

                                                      Registry Data Items Detected: 0
                                                      (No malicious items detected)

                                                      Folders Detected: 0
                                                      (No malicious items detected)

                                                      Files Detected: 0
                                                      (No malicious items detected)

                                                      (end)
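
The log layout posted above can be checked mechanically before it is read as a clean result. This is an added example, not part of the original post or Malwarebytes' own tooling; the sample logs are constructed from the fields shown in this thread, and treating the trailing (end) line as a completeness marker is an assumption.

```python
import re

# Constructed sample in the layout of the log posted above; the second
# copy is altered (one non-zero count, no "(end)" marker) to show failures.
CLEAN = """Malwarebytes Anti-Rootkit 1.01.0.1011
Database version: v2012.12.16.02
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System
Objects scanned: 41332
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
"""
ALTERED = CLEAN.replace("Files Detected: 0", "Files Detected: 2").replace("(end)\n", "")

# Leading whitespace is allowed because forum pastes are often indented.
FIELD = re.compile(r"^\s*(Scan type|Scan options enabled|Objects scanned):\s*(.*)$")
COUNT = re.compile(r"^\s*(.+?) Detected:\s*(\d+)\s*$")


def parse_mbar_log(text):
    """Return header fields, per-category detection counts and completeness."""
    report = {"fields": {}, "detections": {}, "complete": False}
    for line in text.splitlines():
        if (m := COUNT.match(line)):
            report["detections"][m.group(1)] = int(m.group(2))
        elif (m := FIELD.match(line)):
            report["fields"][m.group(1)] = m.group(2).strip()
        elif line.strip() == "(end)":  # assumed completeness marker
            report["complete"] = True
    return report


def triage(report):
    """List reasons the log cannot be read as a clean result; [] if none."""
    issues = []
    if not report["complete"]:
        issues.append("log truncated: no (end) marker")
    if not report["detections"]:
        issues.append("no detection counters found")
    for category, count in report["detections"].items():
        if count:
            issues.append(f"{category}: {count} item(s) detected")
    return issues


def scan_scope(report):
    """Areas the scan says it covered, taken from 'Scan options enabled'."""
    raw = report["fields"].get("Scan options enabled", "")
    return [part.strip() for part in raw.split("|") if part.strip()]
```

scan_scope() returns only what the log itself lists as enabled scan options, which is the extent of what a zero-count result covers.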

                                                      SuperDave

                                                      Re: Three day old laptop has bios malware.
                                                      « Reply #42 on: December 16, 2012, 12:11:53 PM »
                                                      Quote
                                                      I replaced the bios and everything is "normal" now. Malwarebytes found nothing so I guess
                                                      this computer will be for the grandkids when they come, I won't be able to trust it for quite a while,
                                                      but at least it's running.
                                                      Good job. Congrats. You now have a new BIOS and new hard drive so it should be just like a new computer. I will provide some information about keeping your computer safe while on-line below. As you may have read there was a very good chance that your BIOS was infected in-house.

                                                      Quote
                                                      Dave. I can see how many
                                                      folks you're helping and don't know how you do it. I don't suppose you do plumbing?
                                                      Yup, plumbing, carpentry, electrical, new floors, ceramics and I'll provide some background music if you need it.

                                                      I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

                                                      SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
                                                      * Using SpywareBlaster to protect your computer from Spyware and Malware
                                                      * If you don't know what ActiveX controls are, see here

                                                      Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

                                                      Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
                                                      Windows 8 and Windows 10 dual boot with two SSD's